Windows Analysis Report
123.sfx.exe

Overview

General Information

Sample name: 123.sfx.exe
Analysis ID: 1513331
MD5: b38dfb77e2bf795ee75f3e20f493d493
SHA1: fb1259948701297f235557764b7448cc7f34828b
SHA256: 3bf7cf40c4a493fc826fca2c74adcf4858423089dd94ba5a8352e00aa8987028
Tags: exe
Infos:

Detection

STRRAT
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected STRRAT
AI detected suspicious sample
Connects to a pastebin service (likely for C&C)
Drops PE files to the user root directory
Drops large PE files
Found API chain indicative of debugger detection
Modifies the windows firewall
Sigma detected: Execution from Suspicious Folder
Uses netsh to modify the Windows network and firewall settings
AV process strings found (often used to terminate AV products)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
File is packed with WinRar
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • 123.sfx.exe (PID: 2316 cmdline: "C:\Users\user\Desktop\123.sfx.exe" MD5: B38DFB77E2BF795EE75F3E20F493D493)
    • cmd.exe (PID: 6476 cmdline: "C:\Windows\System32\cmd.exe" /c C:\users\public\123.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • 123.exe (PID: 652 cmdline: C:\users\public\123.exe MD5: 8A5D3B7370D1B880AD305C1691CDBE77)
        • javaw.exe (PID: 6508 cmdline: "C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher MD5: 48C96771106DBDD5D42BBA3772E4B414)
          • netsh.exe (PID: 3116 cmdline: netsh advfirewall set domainprofile state off MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
            • conhost.exe (PID: 6448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: javaw.exe PID: 6508 | JoeSecurity_STRRAT | Yara detected STRRAT | Joe Security |

    System Summary

    Source: Process started, Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\users\public\123.exe, CommandLine: C:\users\public\123.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\123.exe, NewProcessName: C:\Users\Public\123.exe, OriginalFileName: C:\Users\Public\123.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c C:\users\public\123.exe, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6476, ParentProcessName: cmd.exe, ProcessCommandLine: C:\users\public\123.exe, ProcessId: 652, ProcessName: 123.exe
    No Suricata rule has matched

    AV Detection

    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 98.0% probability
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B331B16 ??3@YAXPAX@Z,??3@YAXPAX@Z,CryptDestroyHash,CryptReleaseContext,5_2_6B331B16
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B331719 _Java_sun_security_mscapi_RSASignature_signHash@40,__except_handler4,CryptCreateHash,CryptCreateHash,CryptGetProvParam,CryptAcquireContextA,GetLastError,CryptCreateHash,??2@YAPAXI@Z,CryptSetHashParam,CryptGetKeyParam,CryptSignHashA,CryptSignHashA,??2@YAPAXI@Z,CryptSignHashA,5_2_6B331719
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B331363 ??3@YAXPAX@Z,CryptReleaseContext,5_2_6B331363
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B331B50 _Java_sun_security_mscapi_RSAKeyPairGenerator_generateRSAKeyPair@16,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptGenKey,5_2_6B331B50
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B3313AC _Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateChains@12,CertOpenSystemStoreA,GetLastError,CertEnumCertificatesInStore,CryptAcquireCertificatePrivateKey,CryptGetUserKey,CryptReleaseContext,CryptSetKeyParam,CertGetPublicKeyLength,CertGetNameStringA,??2@YAPAXI@Z,CertGetNameStringA,CryptGetKeyParam,CertFreeCertificateChain,5_2_6B3313AC
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B332BF6 _Java_sun_security_mscapi_KeyStore_storePrivateKey@20,CryptAcquireContextA,GetLastError,CryptImportKey,5_2_6B332BF6
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B33120D _Java_sun_security_mscapi_PRNG_generateSeed@16,CryptAcquireContextA,GetLastError,CryptGenRandom,GetLastError,??2@YAPAXI@Z,CryptGenRandom,GetLastError,CryptGenRandom,5_2_6B33120D
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B332274 _Java_sun_security_mscapi_KeyStore_destroyKeyContainer@12,CryptAcquireContextA,GetLastError,5_2_6B332274
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B3326A7 _Java_sun_security_mscapi_RSAPublicKey_getPublicKeyBlob@16,CryptExportKey,CryptExportKey,GetLastError,??2@YAPAXI@Z,CryptExportKey,5_2_6B3326A7
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B3316EE _Java_sun_security_mscapi_Key_cleanUp@24,CryptDestroyKey,CryptReleaseContext,5_2_6B3316EE
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B332D25 _Java_sun_security_mscapi_RSASignature_importPublicKey@16,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptImportKey,5_2_6B332D25
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B33192E ??3@YAXPAX@Z,??3@YAXPAX@Z,CryptDestroyHash,CryptReleaseContext,5_2_6B33192E
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B332500 _Java_sun_security_mscapi_KeyStore_getKeyLength@16,CryptGetKeyParam,GetLastError,5_2_6B332500
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B33256A _Java_sun_security_mscapi_RSACipher_encryptDecrypt@28,??2@YAPAXI@Z,CryptEncrypt,GetLastError,CryptDecrypt,5_2_6B33256A
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B331968 _Java_sun_security_mscapi_RSASignature_verifySignedHash@44,__except_handler4,CryptCreateHash,CryptGetProvParam,CryptAcquireContextA,GetLastError,CryptCreateHash,??2@YAPAXI@Z,??2@YAPAXI@Z,CryptSetHashParam,CryptVerifySignatureA,5_2_6B331968
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B331D4B _Java_sun_security_mscapi_KeyStore_storeCertificate@40,CertOpenSystemStoreA,??2@YAPAXI@Z,CertCreateCertificateContext,GetLastError,??2@YAPAXI@Z,memcpy,CertSetCertificateContextProperty,CryptGetProvParam,CryptGetProvParam,??2@YAPAXI@Z,CryptGetProvParam,??2@YAPAXI@Z,mbstowcs,CryptGetProvParam,??2@YAPAXI@Z,CryptGetProvParam,??2@YAPAXI@Z,mbstowcs,CryptGetProvParam,CryptGetKeyParam,CertSetCertificateContextProperty,CertAddCertificateContextToStore,GetLastError,5_2_6B331D4B
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B332423 _Java_sun_security_mscapi_RSACipher_getKeyFromCert@20,CryptAcquireCertificatePrivateKey,GetLastError,CryptGetUserKey,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptImportPublicKeyInfo,GetLastError,5_2_6B332423
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B331C59 _Java_sun_security_mscapi_Key_getContainerName@16,CryptGetProvParam,5_2_6B331C59
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B331CBB _Java_sun_security_mscapi_Key_getKeyType@16,CryptGetKeyParam,sprintf,5_2_6B331CBB
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_6B3324F0 CryptReleaseContext,5_2_6B3324F0
    Source: C:\Users\Public\123.exe, File created: C:\Users\user\AppData\Roaming\RDBNT\jre\README.txt
    Source: C:\Users\Public\123.exe, File created: C:\Users\user\AppData\Roaming\RDBNT\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Source: C:\Users\Public\123.exe, File created: C:\Users\user\AppData\Roaming\RDBNT\jre\THIRDPARTYLICENSEREADME.txt
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, File opened: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\msvcr100.dll
    Source: unknown, HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.5:49708 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.5:49710 version: TLS 1.2
    Source: 123.sfx.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: 123.sfx.exe
    Source: C:\Users\user\Desktop\123.sfx.exe, Code function: 0_2_00007FF704AAB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF704AAB190
    Source: C:\Users\user\Desktop\123.sfx.exe, Code function: 0_2_00007FF704A940BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF704A940BC
    Source: C:\Users\user\Desktop\123.sfx.exe, Code function: 0_2_00007FF704ABFCA0 FindFirstFileExA,0_2_00007FF704ABFCA0
    Source: C:\Users\Public\123.exe, Code function: 4_2_00402930 FindFirstFileW,4_2_00402930
    Source: C:\Users\Public\123.exe, Code function: 4_2_004068D4 FindFirstFileW,FindClose,4_2_004068D4
    Source: C:\Users\Public\123.exe, Code function: 4_2_00405C83 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,4_2_00405C83
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_0002A3A5 __getdrive,FindFirstFileExA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,_free,___loctotime64_t,_free,__wsopen_s,__fstat64i32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,5_2_0002A3A5
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, Code function: 5_2_00025225 FindFirstFileA,FindNextFileA,_strlen,_strlen,_strlen,_memmove,_memmove,FindClose,5_2_00025225
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, File opened: C:\Users\user\AppData\Roaming\RDBNT\jre\
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, File opened: C:\Users\user\AppData\
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, File opened: C:\Users\user\
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, File opened: C:\Users\user\AppData\Roaming\RDBNT\
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, File opened: C:\Users\user\AppData\Roaming\RDBNT\jre\lib\
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe, File opened: C:\Users\user\AppData\Roaming\

    Networking

    Source: unknown, DNS query: name: pastebin.com
    Source: Joe Sandbox View, IP Address: 104.20.3.235
    Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: // www.yahoo.com.by, for example), so we list it here for safety's sake. equals www.yahoo.com (Yahoo)
    Source: global traffic, DNS traffic detected: DNS query: pastebin.com
    Source: global traffic, DNS traffic detected: DNS query: google.com
    Source: global traffic, DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language:
    Source: javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xincludeC
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/current-element-node
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/current-element-node7
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/document-class-name
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/document-class-name3
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/input-buffer-size
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/document-scanner
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner7
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-manager
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-manager:
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver?
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-handler
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-handler=
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-reporter
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-reporter8
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-binderA
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-context
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/symbol-table
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/symbol-table6
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation-manager
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation-managerP
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory8
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validator/dtdD
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validator/schema
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validator/schema$
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handler
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handler$
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/locale
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/localeF
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocation
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocationJ
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/security-manager
    Source: javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/security-manager&
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypes
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypesD
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A491000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://asm.objectweb.org
    Source: javaw.exe, javaw.exe, 00000005.00000002.2269001419.000000006C603000.00000002.00000001.01000000.0000000E.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000A237000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://bugreport.sun.com/bugreport/
    Source: javaw.exe, 00000005.00000002.2269001419.000000006C603000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: http://bugreport.sun.com/bugreport/java.vendor.url.bughttp://java.oracle.com/java.vendor.urljava.ven
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cenpac.net.nr/dns/index.html
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnnic.cn/html/Dir/2005/10/11/3218.htm
    Source: javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000A9E5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A347E7000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2249415666.000000000513A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
    Source: javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A347E7000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000A9E5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2249415666.000000000513A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
    Source: javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A347E7000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000A9E5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
    Source: javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A347E7000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000A9E5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
    Source: javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A347E7000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000AC6A000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2249415666.000000000513A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
    Source: jp2iexp.dll.4.dr, unpack200.exe.4.dr, WindowsAccessBridge.dll.4.dr, java.exe.4.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A347E7000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000AC6A000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2249415666.000000000513A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dns.marnet.net.mk/postapka.php
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://domain.nida.or.kr/eng/registration.jsp
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadao.gov.gu/registration.txt
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hoster.by/
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://icmregistry.com
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://index.museum/
    Source: javaw.exe, javaw.exe, 00000005.00000002.2253255940.000000000A23F000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2269001419.000000006C603000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: http://java.oracle.com/
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/jaxp/xpath/dom
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-check
    Source: javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-checkFil
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
    Source: javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource;
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/)
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace3
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/$
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A8AA000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd
    Source: javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd9
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000A8AA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event/
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A6B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javafx.com/fxml/1
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A6B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javafx.com/javafx/8
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
    Source: javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTDR
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
    Source: javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchemaD
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalStylesheet
    Source: javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalStylesheet8
    Source: javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.dom.DOMResult/feature
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A6B0000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.dom.DOMSource/feature
    Source: javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXResult/feature#
    Source: javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXSource/feature
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature/xmlfilter
    Source: javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/featureF
    Source: javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stax.StAXResult/feature
    Source: javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stax.StAXSource/feature
    Source: javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamResult/feature
    Source: javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamResult/feature-
    Source: javaw.exe, 00000005.00000002.2258519141.0000000015086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamSource/feature
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jprs.co.jp/en/jpdomain.html
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jprs.jp/doc/rule/saisoku-1.html
    Source: THIRDPARTYLICENSEREADME.txt.4.drString found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nic.ae/english/arabicdomain/rules.jsp
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nic.com.ai/
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nic.gl
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nic.lk
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
    Source: javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit#
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager
    Source: javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager;
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pnina.ps
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.qatar.net.qa/services/virtual.htm
    Source: javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A347E7000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000A9E5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
    Source: javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A347E7000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000A9E5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.reg.uz/registerr.html
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.registrar.mw/
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.registry.co.ug/
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rotld.ro/
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sbnic.net.sb/
    Source: THIRDPARTYLICENSEREADME.txt.4.drString found in binary or memory: http://www.sgi.com/software/opensource/cid/license.html
    Source: THIRDPARTYLICENSEREADME.txt.4.drString found in binary or memory: http://www.sgi.com/software/opensource/glx/license.html.
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sispa.org.sz/
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.soregistry.com/
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.svnet.org.sv/svpolicy.html
    Source: jp2iexp.dll.4.dr, unpack200.exe.4.dr, WindowsAccessBridge.dll.4.dr, java.exe.4.drString found in binary or memory: http://www.symauth.com/cps0(
    Source: jp2iexp.dll.4.dr, unpack200.exe.4.dr, WindowsAccessBridge.dll.4.dr, java.exe.4.drString found in binary or memory: http://www.symauth.com/rpa00
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.telnic.org/
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.thnic.co.th
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.twnic.net/english/dn/dn_07a.htm
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tznic.or.tz/index.php/domains.html
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.una.an/an_domreg/default.asp
    Source: THIRDPARTYLICENSEREADME.txt.4.drString found in binary or memory: http://www.unicode.org/Public/
    Source: THIRDPARTYLICENSEREADME.txt.4.drString found in binary or memory: http://www.unicode.org/Public/.
    Source: THIRDPARTYLICENSEREADME.txt.4.drString found in binary or memory: http://www.unicode.org/cldr/data/.
    Source: THIRDPARTYLICENSEREADME.txt.4.drString found in binary or memory: http://www.unicode.org/copyright.html.
    Source: THIRDPARTYLICENSEREADME.txt.4.drString found in binary or memory: http://www.unicode.org/reports/
    Source: THIRDPARTYLICENSEREADME.txt.4.drString found in binary or memory: http://www.xfree86.org/)
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.y.net.ye/services/domain_name.htm
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.za.net/
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zadna.org.za/slds.html
    Source: javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.apache.org/xalan
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A6B0000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.apache.org/xpath/features/whitespace-pre-stripping
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.apache.org/xpath/features/whitespace-pre-stripping3
    Source: javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.apache.org/xslt
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-general-entities
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-general-entities7
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-parameter-entities
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-parameter-entities8
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
    Source: javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixesru
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces
    Source: javaw.exe, 00000005.00000002.2260108258.00000000159B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/string-interning
    Source: javaw.exe, 00000005.00000002.2260108258.00000000159B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/string-interningfeature
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/use-entity-resolver2
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/validation
    Source: javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/validation?
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/lexical-handler
    Source: javaw.exe, 00000005.00000002.2260108258.00000000157EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/lexical-handler.
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A5DE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/xml-string
    Source: javaw.exe, 00000005.00000002.2258519141.00000000151A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/xml-string?
    Source: deployJava1.dll.4.drString found in binary or memory: https://HTTP/1.1GETRange:
    Source: jp2iexp.dll.4.dr, unpack200.exe.4.dr, WindowsAccessBridge.dll.4.dr, java.exe.4.drString found in binary or memory: https://d.symcb.com/cps0%
    Source: jp2iexp.dll.4.dr, unpack200.exe.4.dr, WindowsAccessBridge.dll.4.dr, java.exe.4.drString found in binary or memory: https://d.symcb.com/rpa0
    Source: javaw.exe, 00000005.00000002.2264967676.00000000167AE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2249415666.0000000004F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/TsSaltan/DevelNext-jURL/releases/latest
    Source: javaw.exe, 00000005.00000002.2253255940.000000000A2E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/gson
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A333E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grweb.ics.forth.gr/english/1617-B-2005.html
    Source: deployJava1.dll.4.drString found in binary or memory: https://javadl.oracle.com/webapps/download/AutoDL%s?BundleId=%s%s
    Source: deployJava1.dll.4.drString found in binary or memory: https://javadl.oracle.com/webapps/download/AutoDL%s?BundleId=%surl%s%stmp1.8%s.0%s
    Source: javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A347E7000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000AA98000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.2253255940.000000000A9E5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
    Source: javaw.exe, 00000005.00000002.2249415666.0000000004D96000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pastebin.com/raw/21LMhQPq
    Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
    Source: unknown HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.5:49708 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.5:49710 version: TLS 1.2
    Source: C:\Users\Public\123.exe Code function: 4_2_0040573B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_6B956800 GetKeyboardState
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_6B332BF6 _Java_sun_security_mscapi_KeyStore_storePrivateKey@20,CryptAcquireContextA,GetLastError,CryptImportKey
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_6B332D25 _Java_sun_security_mscapi_RSASignature_importPublicKey@16,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptImportKey

    System Summary

    Source: C:\Users\user\Desktop\123.sfx.exe File dump: 123.exe.0.dr 161739843
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: 0_2_00007FF704A8C2F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
    Source: C:\Users\Public\123.exe Code function: 4_2_00403552 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_6B91D9605_2_6B91D960
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_6B93D8605_2_6B93D860
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_6B941F005_2_6B941F00
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_6B8D5DE05_2_6B8D5DE0
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_6B8FDD2C5_2_6B8FDD2C
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_6B8D1CB05_2_6B8D1CB0
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_6B8BF3305_2_6B8BF330
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_6B9192D05_2_6B9192D0
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: String function: 6B963F81 appears 302 times
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: String function: 0002DB40 appears 40 times
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: String function: 00028A72 appears 35 times
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: String function: 6B963D9C appears 142 times
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: String function: 6B964026 appears 252 times
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: String function: 6B90EA57 appears 188 times
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: String function: 6B95F4BC appears 297 times
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: String function: 6B963DA2 appears 32 times
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: String function: 6B963F4E appears 48 times
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: String function: 6B96405E appears 39 times
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: String function: 6B963DC6 appears 46 times
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: String function: 00023BA3 appears 49 times
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A33DE7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VALUE "OriginalFilename", XSTR(JFX_FNAME) "\0" vs 123.sfx.exe
    Source: classification engine Classification label: mal80.troj.evad.winEXE@11/218@4/2
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: 0_2_00007FF704A8B6D8 GetLastError,FormatMessageW,LocalFree
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_6B3313AC _Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateChains@12,CertOpenSystemStoreA,GetLastError,CertEnumCertificatesInStore,CryptAcquireCertificatePrivateKey,CryptGetUserKey,CryptReleaseContext,CryptSetKeyParam,CertGetPublicKeyLength,CertGetNameStringA,??2@YAPAXI@Z,CertGetNameStringA,CryptGetKeyParam,CertFreeCertificateChain
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_6B3322F9 _Java_sun_security_mscapi_RSACipher_findCertificateUsingAlias@16,CertOpenSystemStoreA,GetLastError,CertGetNameStringA,CertEnumCertificatesInStore,CertGetNameStringA,??2@YAPAXI@Z,CertGetNameStringA,strcmp,??3@YAXPAX@Z,??3@YAXPAX@Z
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_6B331D4B _Java_sun_security_mscapi_KeyStore_storeCertificate@40,CertOpenSystemStoreA,??2@YAPAXI@Z,CertCreateCertificateContext,GetLastError,??2@YAPAXI@Z,memcpy,CertSetCertificateContextProperty,CryptGetProvParam,CryptGetProvParam,??2@YAPAXI@Z,CryptGetProvParam,??2@YAPAXI@Z,mbstowcs,CryptGetProvParam,??2@YAPAXI@Z,CryptGetProvParam,??2@YAPAXI@Z,mbstowcs,CryptGetProvParam,CryptGetKeyParam,CertSetCertificateContextProperty,CertAddCertificateContextToStore,GetLastError
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_6B3320B5 _Java_sun_security_mscapi_KeyStore_removeCertificate@24,CertOpenSystemStoreA,??2@YAPAXI@Z,CertCreateCertificateContext,GetLastError,CertFindCertificateInStore,CertGetNameStringA,CertGetNameStringA,??2@YAPAXI@Z,CertGetNameStringA,strcmp,CertDeleteCertificateFromStore,GetLastError
    Source: C:\Users\Public\123.exe Code function: 4_2_00403552 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
    Source: C:\Users\Public\123.exe Code function: 4_2_004049E7 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
    Source: C:\Users\Public\123.exe Code function: 4_2_004021CF CoCreateInstance
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: 0_2_00007FF704AA8624 FindResourceExW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree
    Source: C:\Users\user\Desktop\123.sfx.exe File created: C:\Users\Public\__tmp_rar_sfx_access_check_5856031
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Mutant created: NULL
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5568:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6448:120:WilError_03
    Source: C:\Users\Public\123.exe File created: C:\Users\user\AppData\Local\Temp\nsj74C1.tmp
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Command line argument: 1.8 5_2_00021000
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Command line argument: 1.8.0_101-b13 5_2_00021000
    Source: 123.sfx.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\123.sfx.exe File read: C:\Windows\win.ini
    Source: C:\Users\user\Desktop\123.sfx.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: javaw.exe String found in binary or memory: sun/launcher/LauncherHelper
    Source: javaw.exe String found in binary or memory: -help
    Source: C:\Users\user\Desktop\123.sfx.exe File read: C:\Users\user\Desktop\123.sfx.exe
    Source: unknown Process created: C:\Users\user\Desktop\123.sfx.exe "C:\Users\user\Desktop\123.sfx.exe"
    Source: C:\Users\user\Desktop\123.sfx.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C:\users\public\123.exe
    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\123.exe C:\users\public\123.exe
    Source: C:\Users\Public\123.exe Process created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe "C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall set domainprofile state off
    Source: C:\Windows\SysWOW64\netsh.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\123.sfx.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
    Source: Window Recorder Window detected: More than 3 window changes detected
    Source: 123.sfx.exe Static PE information: Image base 0x140000000 > 0x60000000
    Source: 123.sfx.exe Static file information: File size 50480444 > 1048576
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\msvcr100.dll
    Source: 123.sfx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: 123.sfx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: 123.sfx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: 123.sfx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: 123.sfx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: 123.sfx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: 123.sfx.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb source: javaw.exe, 00000005.00000002.2269001419.000000006C603000.00000002.00000001.01000000.0000000E.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdbic source: javaw.exe, 00000005.00000002.2270463464.000000006FB37000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb'% source: javaw.exe, 00000005.00000002.2269001419.000000006C603000.00000002.00000001.01000000.0000000E.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb source: javaw.exe, 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb8^ source: javaw.exe, 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnet\net.pdb source: javaw.exe, 00000005.00000002.2268883373.000000006C5DD000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libverify\verify.pdb source: javaw.exe, 00000005.00000002.2270578715.0000000073486000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunmscapi\sunmscapi.pdb source: javaw.exe, 00000005.00000002.2267329282.000000006B334000.00000002.00000001.01000000.0000001B.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2iexp\obj\jp2iexp.pdb< source: jp2iexp.dll.4.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java_objs\java.pdb source: java.exe.4.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\javaw_objs\javaw.pdb source: javaw.exe, javaw.exe, 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp, javaw.exe, 00000005.00000000.2198336788.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: C:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\hotspot\windows_i486_compiler1\product\jvm.pdb source: javaw.exe, 00000005.00000002.2269300906.000000006C8E1000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libwindowsaccessbridge\WindowsAccessBridge.pdb source: WindowsAccessBridge.dll.4.dr
    Source: Binary string: msvcr100.i386.pdb source: javaw.exe, 00000005.00000002.2269872182.000000006C9F1000.00000020.00000001.01000000.0000000B.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdb source: javaw.exe, 00000005.00000002.2270463464.000000006FB37000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2iexp\obj\jp2iexp.pdb source: jp2iexp.dll.4.dr
    Source: Binary string: msvcr120.i386.pdb source: javaw.exe, javaw.exe, 00000005.00000002.2268577887.000000006C4A1000.00000020.00000001.01000000.00000012.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libzip\zip.pdb source: javaw.exe, 00000005.00000002.2270326406.000000006E58A000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\deployJava1\obj\deployJava1.pdbL source: deployJava1.dll.4.dr
    Source: Binary string: msvcp120.i386.pdb source: javaw.exe, javaw.exe, 00000005.00000002.2268404042.000000006C421000.00000020.00000001.01000000.00000013.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\unpackexe\unpack200.pdb source: unpack200.exe.4.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb$ source: javaw.exe, 00000005.00000002.2267424218.000000006B353000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb source: javaw.exe, 00000005.00000002.2267424218.000000006B353000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: 123.sfx.exe
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\deployJava1\obj\deployJava1.pdb source: deployJava1.dll.4.dr
    Source: 123.sfx.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: 123.sfx.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: 123.sfx.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: 123.sfx.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: 123.sfx.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_00024DC6 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,5_2_00024DC6
    Source: C:\Users\user\Desktop\123.sfx.exeFile created: C:\Users\Public\__tmp_rar_sfx_access_check_5856031Jump to behavior
    Source: 123.sfx.exeStatic PE information: section name: .didat
    Source: 123.sfx.exeStatic PE information: section name: _RDATA
    Source: jfxwebkit.dll.4.drStatic PE information: section name: .unwante
    Source: prism_sw.dll.4.drStatic PE information: section name: _RDATA
    Source: C:\Users\user\Desktop\123.sfx.exeCode function: 0_2_00007FF704AC5156 push rsi; retf 0_2_00007FF704AC5157
    Source: C:\Users\user\Desktop\123.sfx.exeCode function: 0_2_00007FF704AC5166 push rsi; retf 0_2_00007FF704AC5167
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_0003F8EC push cs; iretd 5_2_0003F9C2
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_0003F9EE push cs; iretd 5_2_0003F9C2
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_0002DB85 push ecx; ret 5_2_0002DB98
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_0003FB9E push ebx; ret 5_2_0003FB9F
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_000307ED push edi; ret 5_2_000307EE
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_6B332EB5 push ecx; ret 5_2_6B332EC8
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_6B3523F5 push ecx; ret 5_2_6B352408
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_6B9648B5 push ecx; ret 5_2_6B9648C8
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_6B964026 push ecx; ret 5_2_6B964039
    Source: msvcr100.dll.4.drStatic PE information: section name: .text entropy: 6.90903234258047
    Source: msvcr120.dll.4.drStatic PE information: section name: .text entropy: 6.95576372950548
    Source: msvcr100.dll0.4.drStatic PE information: section name: .text entropy: 6.90903234258047
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JavaAccessBridge.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jjs.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\klist.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\pack200.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\java.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\sunec.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\ktab.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\resource.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\splashscreen.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javafx_font.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javafx_font_t2k.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\dtplugin\npdeployJava1.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\ssvagent.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\plugin2\msvcr100.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\msvcr100.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jsound.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\nio.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\prism_d3d.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\prism_sw.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\glass.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\java-rmi.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jfxmedia.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\mlib_image.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\fontmanager.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jabswitch.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\kcms.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\prism_common.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\net.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\fxplugins.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\bci.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\keytool.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\ssv.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\w2k_lsa_auth.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\tnameserv.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\policytool.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\j2pcsc.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\servertool.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\orbd.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\awt.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\WindowsAccessBridge.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jdwp.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\rmiregistry.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\zip.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jp2iexp.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jsdt.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\plugin2\npjp2.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\j2pkcs11.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\glib-lite.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\decora_sse.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jfr.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\dt_socket.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jp2native.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaws.exeJump to dropped file
    Source: C:\Users\user\Desktop\123.sfx.exeFile created: C:\Users\Public\123.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javacpl.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JAWTAccessBridge-32.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javacpl.cplJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javafx_iio.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\hprof.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\sunmscapi.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\management.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\eula.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jaas_nt.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jp2ssv.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\unpack200.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\dcpr.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jfxwebkit.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jpeg.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\wsdetect.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jli.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JavaAccessBridge-32.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\lcms.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\kinit.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JAWTAccessBridge.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jp2launcher.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\instrument.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\java.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\gstreamer-lite.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\deploy.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\npt.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\client\jvm.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\WindowsAccessBridge-32.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jsoundds.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\t2k.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\java_crw_demo.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jawt.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\dtplugin\deployJava1.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\msvcp120.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\msvcr120.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\dt_shmem.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\rmid.exeJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\unpack.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\verify.dllJump to dropped file
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\README.txtJump to behavior
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\THIRDPARTYLICENSEREADME-JAVAFX.txtJump to behavior
    Source: C:\Users\Public\123.exeFile created: C:\Users\user\AppData\Roaming\RDBNT\jre\THIRDPARTYLICENSEREADME.txtJump to behavior

    Boot Survival

    Source: C:\Users\user\Desktop\123.sfx.exeFile created: C:\Users\Public\123.exeJump to dropped file
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_6B9098E3 JDK_LoadSystemLibrary,JDK_LoadSystemLibrary,JDK_LoadSystemLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_6B9098E3
    Source: C:\Users\user\Desktop\123.sfx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\Public\123.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exeCode function: 5_2_6B8CAD60 rdtsc 5_2_6B8CAD60
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JavaAccessBridge.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jjs.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\klist.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\pack200.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\java.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\sunec.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\ktab.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\resource.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\splashscreen.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javafx_font.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\dtplugin\npdeployJava1.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javafx_font_t2k.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\ssvagent.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\plugin2\msvcr100.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\msvcr100.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\prism_d3d.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\prism_sw.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\nio.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jsound.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\glass.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\java-rmi.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jfxmedia.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\mlib_image.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jabswitch.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\fontmanager.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\kcms.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\prism_common.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\net.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\fxplugins.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\bci.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\ssv.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\keytool.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\w2k_lsa_auth.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\tnameserv.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\policytool.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\j2pcsc.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\servertool.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\orbd.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\awt.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\WindowsAccessBridge.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jdwp.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\rmiregistry.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\zip.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jp2iexp.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jsdt.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\plugin2\npjp2.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\j2pkcs11.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\glib-lite.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jfr.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\decora_sse.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\dt_socket.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jp2native.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaws.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javacpl.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JAWTAccessBridge-32.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javacpl.cplJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javafx_iio.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\hprof.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\sunmscapi.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\management.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jaas_nt.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\eula.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jp2ssv.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\unpack200.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\dcpr.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jfxwebkit.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jpeg.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\wsdetect.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jli.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JavaAccessBridge-32.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\lcms.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\kinit.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JAWTAccessBridge.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jp2launcher.exeJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\instrument.dllJump to dropped file
    Source: C:\Users\Public\123.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\java.dllJump to dropped file
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\gstreamer-lite.dll
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\deploy.dll
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\npt.dll
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\client\jvm.dll
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\WindowsAccessBridge-32.dll
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\t2k.dll
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jsoundds.dll
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\java_crw_demo.dll
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\jawt.dll
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\dtplugin\deployJava1.dll
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\msvcp120.dll
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\msvcr120.dll
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\dt_shmem.dll
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\verify.dll
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\rmid.exe
    Source: C:\Users\Public\123.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\unpack.dll
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe API coverage: 1.0 %
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_6B924604 GetKeyboardLayout followed by cmp: cmp ax, cx and CTI: jne 6B924627h
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_6B9572CE GetKeyboardLayout followed by cmp: cmp esi, eax and CTI: je 6B956C9Eh
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: 0_2_00007FF704AAB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: 0_2_00007FF704A940BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: 0_2_00007FF704ABFCA0 FindFirstFileExA
    Source: C:\Users\Public\123.exe Code function: 4_2_00402930 FindFirstFileW
    Source: C:\Users\Public\123.exe Code function: 4_2_004068D4 FindFirstFileW,FindClose
    Source: C:\Users\Public\123.exe Code function: 4_2_00405C83 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_0002A3A5 __getdrive,FindFirstFileExA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,_free,___loctotime64_t,_free,__wsopen_s,__fstat64i32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_00025225 FindFirstFileA,FindNextFileA,_strlen,_strlen,_strlen,_memmove,_memmove,FindClose
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: 0_2_00007FF704AB16A4 VirtualQuery,GetSystemInfo
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\RDBNT\jre\
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe File opened: C:\Users\user\AppData\
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe File opened: C:\Users\user\
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\RDBNT\
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\RDBNT\jre\lib\
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\
    Source: javaw.exe, 00000005.00000003.2199351401.0000000015066000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
    Source: javaw.exe, 00000005.00000002.2269300906.000000006C8E1000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: java/lang/VirtualMachineError
    Source: javaw.exe, 00000005.00000002.2269300906.000000006C8E1000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: Unable to link/verify VirtualMachineError class
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A33DE7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: d/gQemu
    Source: javaw.exe, 00000005.00000003.2199351401.0000000015066000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
    Source: javaw.exe, 00000005.00000002.2248220979.0000000002980000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: cjava/lang/VirtualMachineError
    Source: javaw.exe, 00000005.00000002.2248220979.0000000002980000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: t[Ljava/lang/VirtualMachineError;
    Source: javaw.exe, 00000005.00000003.2199351401.0000000015066000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: )Q+com/sun/corba/se/impl/util/SUNVMCID.classPK
    Source: javaw.exe, 00000005.00000002.2269300906.000000006C8E1000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: _well_known_klasses[SystemDictionary::VirtualMachineError_klass_knum]
    Source: 123.sfx.exe, 00000000.00000003.2111743157.0000015A347E7000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000003.2199351401.0000000015066000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: java/lang/VirtualMachineError.classPK
    Source: javaw.exe, 00000005.00000002.2248220979.0000000002980000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: lVirtualMachineError.java
    Source: javaw.exe, 00000005.00000002.2247567961.0000000000DB0000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000007.00000003.2239494878.00000000034F1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\Public\123.exe API call chain: ExitProcess graph end node graph_4-3231
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe API call chain: ExitProcess graph end node graph_5-77864

    Anti Debugging

    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep graph_5-79140
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_6B8CAD60 rdtsc
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: 0_2_00007FF704AB76D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_00024DC6 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: 0_2_00007FF704AC0D20 GetProcessHeap
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: 0_2_00007FF704AB3170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: 0_2_00007FF704AB3354 SetUnhandledExceptionFilter
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: 0_2_00007FF704AB2510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_0002D15B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_000296E8 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_0002EF37 SetUnhandledExceptionFilter
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_6B332E44 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_6B351A72 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_6B963E32 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Memory protected: page read and write | page guard
    Source: C:\Users\user\Desktop\123.sfx.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C:\users\public\123.exe
    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\123.exe C:\users\public\123.exe
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall set domainprofile state off
    Source: C:\Users\Public\123.exe Process created: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe "c:\users\user\appdata\roaming\rdbnt\jre\bin\javaw.exe" -duser.language=en -duser.country=us -dfile.encoding=utf-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.fxlauncher
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: 0_2_00007FF704AC58E0 cpuid
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: GetLocaleInfoW,GetNumberFormatW,0_2_00007FF704AAA2CC
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: GetLocaleInfoW,_wtoi,GetACP,5_2_6B9469B7
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: _Java_sun_awt_windows_WPageDialogPeer__1show@8,__EH_prolog3_catch,memset,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,wcscmp,free,GlobalLock,_control87,_control87,_control87,_control87,GlobalUnlock,_CxxThrowException,GlobalLock,GlobalUnlock,5_2_6B94EC97
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: _Java_sun_awt_windows_WPrinterJob_getDefaultPage@12,__EH_prolog3_catch,GlobalLock,_wcsdup,GlobalUnlock,free,GlobalFree,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,wcscmp,free,GlobalFree,free,GlobalUnlock,_CxxThrowException,5_2_6B94F11E
    Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\SysWOW64\netsh.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: 0_2_00007FF704AB0754 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_0003819A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,SetOaNoCache
    Source: C:\Users\user\Desktop\123.sfx.exe Code function: 0_2_00007FF704A951A4 GetVersionExW
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Lowering of HIPS / PFW / Operating System Security Settings

    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall set domainprofile state off
    Source: 123.sfx.exe, 00000000.00000003.2119187312.0000015A2F4F3000.00000004.00000020.00020000.00000000.sdmp, 123.sfx.exe, 00000000.00000003.2066101127.0000015A333E4000.00000004.00000020.00020000.00000000.sdmp, 123.sfx.exe, 00000000.00000002.2121985700.0000015A2F4FD000.00000004.00000020.00020000.00000000.sdmp, 123.sfx.exe, 00000000.00000003.2115611275.0000015A2F4F6000.00000004.00000020.00020000.00000000.sdmp, 123.sfx.exe, 00000000.00000003.2117321371.0000015A2F4F9000.00000004.00000020.00020000.00000000.sdmp, 123.sfx.exe, 00000000.00000003.2117043387.0000015A2F4F9000.00000004.00000020.00020000.00000000.sdmp, 123.sfx.exe, 00000000.00000003.2066321869.0000015A2F4FD000.00000004.00000020.00020000.00000000.sdmp, 123.sfx.exe, 00000000.00000003.2065221967.0000015A32AE5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Setup=cmd.exe /c C:\users\public\123.exe
    Source: 123.sfx.exe, 00000000.00000003.2120112332.0000015A2F4C7000.00000004.00000020.00020000.00000000.sdmp, 123.sfx.exe, 00000000.00000002.2121493332.0000015A2F4C7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "C:\Windows\System32\cmd.exe" /c C:\users\public\123.exe
    Source: 123.sfx.exe, 00000000.00000002.2121493332.0000015A2F4AC000.00000004.00000020.00020000.00000000.sdmp, 123.sfx.exe, 00000000.00000003.2120112332.0000015A2F4AC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: cmd.exe /c C:\users\public\123.exe
    Source: 123.sfx.exe, 00000000.00000002.2121493332.0000015A2F4AC000.00000004.00000020.00020000.00000000.sdmp, 123.sfx.exe, 00000000.00000003.2120112332.0000015A2F4AC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: cmd.exe/c C:\users\public\123.exe
    Source: 123.exe, 00000004.00000002.2199868006.0000000000700000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\users\public\123.exe
    Source: 123.sfx.exe, 00000000.00000002.2121493332.0000015A2F4AC000.00000004.00000020.00020000.00000000.sdmp, 123.sfx.exe, 00000000.00000002.2122913601.0000015A354C2000.00000004.00000020.00020000.00000000.sdmp, 123.sfx.exe, 00000000.00000003.2120112332.0000015A2F4AC000.00000004.00000020.00020000.00000000.sdmp, 123.sfx.exe, 00000000.00000003.2119267219.0000015A354C2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: /c C:\users\public\123.exe
    Source: 123.exe, 00000004.00000002.2199868006.0000000000708000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Drh3rsers\public\123.exe

    Stealing of Sensitive Information

    Source: Yara match, File source: Process Memory Space: javaw.exe PID: 6508, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match, File source: Process Memory Space: javaw.exe PID: 6508, type: MEMORYSTR
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_6B8C8450 ?NotifyAdapterEventListeners@D3DPipelineManager@@SAXIJ@Z,_JNU_GetEnv@8,JNU_CallStaticMethodByName
    Source: C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe Code function: 5_2_6B909F36 _Java_sun_awt_shell_Win32ShellFolder2_bindToObject@24
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 21 Disable or Modify Tools | 11 Input Capture | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact
    Credentials | Domains | Default Accounts | 13 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 11 Input Capture | 22 Encrypted Channel | Exfiltration Over Bluetooth | 1 System Shutdown/Reboot
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Access Token Manipulation | 3 Obfuscated Files or Information | Security Account Manager | 46 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 11 Process Injection | 1 Install Root Certificate | NTDS | 141 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 1 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 121 Masquerading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
    IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 11 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
    Behavior Graph ID: 1513331, Sample: 123.sfx.exe, Startdate: 18/09/2024, Architecture: WINDOWS, Score: 80
    Signatures: Yara detected STRRAT; AI detected suspicious sample; Sigma detected: Execution from Suspicious Folder
    DNS: pastebin.com (signature: Connects to a pastebin service (likely for C&C)); 15.164.165.52.in-addr.arpa; google.com
    Process tree:
    123.sfx.exe
      Signatures: Drops PE files to the user root directory; Drops large PE files
      Dropped: C:\Users\Public\123.exe, PE32
      cmd.exe
        conhost.exe
        123.exe
          Dropped: C:\Users\user\AppData\Roaming\...\zip.dll, PE32; C:\Users\user\AppData\...\wsdetect.dll, PE32; C:\Users\user\AppData\...\w2k_lsa_auth.dll, PE32; 90 other files (none is malicious)
          javaw.exe
            Signatures: Found API chain indicative of debugger detection; Uses netsh to modify the Windows network and firewall settings; Modifies the windows firewall
            Network: pastebin.com 104.20.3.235, 443, 49708, 49710 CLOUDFLARENETUS United States; google.com 142.250.185.238, 49709, 80 GOOGLEUS United States
            netsh.exe
              conhost.exe

    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    SourceDetectionScannerLabelLink
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    google.com | 142.250.185.238 | true | false | | unknown
    pastebin.com | 104.20.3.235 | true | true | | unknown
    15.164.165.52.in-addr.arpa | unknown | unknown | true | | unknown
          Name | Source | Malicious | Antivirus Detection | Reputation
          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
          104.20.3.235 | pastebin.com | United States | | 13335 | CLOUDFLARENETUS | true
          142.250.185.238 | google.com | United States | | 15169 | GOOGLEUS | false
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1513331
          Start date and time:2024-09-18 18:26:10 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 9m 20s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:10
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:123.sfx.exe
          Detection:MAL
          Classification:mal80.troj.evad.winEXE@11/218@4/2
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 99%
          • Number of executed functions: 112
          • Number of non-executed functions: 204
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Stop behavior analysis, all processes terminated
          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
          • Not all processes were analyzed, report is missing behavior information
          • Report size exceeded maximum capacity and may have missing disassembly code.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtSetInformationFile calls found.
          • VT rate limit hit for: 123.sfx.exe
          No simulations
          Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
          104.20.3.235SX8OLQP63C.exeGet hashmaliciousVjW0rm, AsyncRAT, RATDispenserBrowse
          • pastebin.com/raw/V9y5Q5vv
          sostener.vbsGet hashmaliciousRemcosBrowse
          • pastebin.com/raw/V9y5Q5vv
          New Voicemail Invoice 64746w .jsGet hashmaliciousWSHRATBrowse
          • pastebin.com/raw/NsQ5qTHr
          Invoice-883973938.jsGet hashmaliciousWSHRATBrowse
          • pastebin.com/raw/NsQ5qTHr
          2024 12_59_31 a.m..jsGet hashmaliciousWSHRATBrowse
          • pastebin.com/raw/NsQ5qTHr
          PendingInvoiceBankDetails.JS.jsGet hashmaliciousWSHRATBrowse
          • pastebin.com/raw/NsQ5qTHr
          Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
          pastebin.com | SKMBT88122024816310TD01202817311 .vbs | Get hash | malicious | Remcos | Browse | 104.20.3.235
          pastebin.com | Payment Advice.pdf.js | Get hash | malicious | Remcos | Browse | 172.67.19.24
          pastebin.com | SKMBT_77122024816310TD01_20220128_17311 .vbs | Get hash | malicious | Remcos | Browse | 172.67.19.24
          pastebin.com | file.exe | Get hash | malicious | XWorm | Browse | 104.20.3.235
          pastebin.com | stub.exe | Get hash | malicious | AsyncRAT | Browse | 104.20.3.235
          pastebin.com | SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe | Get hash | malicious | Unknown | Browse | 104.20.4.235
          pastebin.com | SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dll | Get hash | malicious | Metasploit | Browse | 104.20.4.235
          pastebin.com | SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dll | Get hash | malicious | Metasploit | Browse | 104.20.3.235
          pastebin.com | SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe | Get hash | malicious | Unknown | Browse | 104.20.4.235
          pastebin.com | OTPAuthenticator.wsf | Get hash | malicious | AsyncRAT | Browse | 104.20.3.235
          No context
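          Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
          C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JAWTAccessBridge-32.dll | EYOFFTITMDLXZJFFCCGFDTBIY.msi | Get hash | malicious | Unknown | Browse |
          C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JAWTAccessBridge-32.dll | SSCBOLGZFXVJMEICRNQMJOCDIF.msi | Get hash | malicious | Unknown | Browse |
          C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JAWTAccessBridge-32.dll | BOCTGZXINFFCD20242108.msi | Get hash | malicious | Unknown | Browse |
          C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JAWTAccessBridge-32.dll | PGCTGZXFCD20242008.msi | Get hash | malicious | Unknown | Browse |
          C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JAWTAccessBridge-32.dll | CloudInstaller.zip | Get hash | malicious | Unknown | Browse |
          C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JAWTAccessBridge-32.dll | uChcvn3L6R.exe | Get hash | malicious | DCRat | Browse |
          C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JAWTAccessBridge-32.dll | uChcvn3L6R.exe | Get hash | malicious | DCRat | Browse |
          C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JAWTAccessBridge-32.dll | Advanced_IP_Scanner_2.5.4594.1 (1).exe | Get hash | malicious | Unknown | Browse |
          C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JAWTAccessBridge-32.dll | New Soft Update.exe | Get hash | malicious | Unknown | Browse |
          C:\Users\user\AppData\Roaming\RDBNT\jre\bin\JAWTAccessBridge-32.dll | https://uceg-klom.us21.list-manage.com/track/click?u=9b882a29c7ab3b3f6381abd18&id=56bb8add24&e=4fba4902f9x | Get hash | malicious | Unknown | Browse |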
                              Process:C:\Users\user\Desktop\123.sfx.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                              Category:dropped
                              Size (bytes):161739843
                              Entropy (8bit):6.708675118449867
                              Encrypted:false
                              SSDEEP:1572864:HQAcje4a6u24/Zcv/GhiQs0GZTjjY1UWB4Lcnpw:HQNJa61b5Tjj/5Lc+
                              MD5:8A5D3B7370D1B880AD305C1691CDBE77
                              SHA1:0BEBCCC689A56E6D8840303C0F91113AA227CD64
                              SHA-256:409B326646FBA9133794167D385A91518A40B4A4DCE375A0006FAA113F9C6770
                              SHA-512:9E49774A8A8BE53D3A9F43F9BB7365924A70599C005980350EC978A55E9D38CDD383AEE985486EC6DDF01DF5457FD985ED8B445FAFF5364D7674C6B6A8A49512
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:low
                              Process:C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):58
                              Entropy (8bit):4.805919788081816
                              Encrypted:false
                              SSDEEP:3:oNUkh4EaKC5Rrx5YyvMjSRy:oN9aZ5dwy0
                              MD5:72896D073A78346ACEEF037552D9921E
                              SHA1:804E146C09DACBC3B97D341998D8DA20CE6E6713
                              SHA-256:D4661835EE33B680C2E092C9862846C85475808292A689F8600437668C206730
                              SHA-512:1EE8070D286DBCEF1F2F40F2A33DA63D3EA440A7A264B5CAF2D09947D4E86684528BFCE92B07FEAF22A1893B1060DDD24A0B2F86E3CB2ED8FE708758DF83D3FB
                              Malicious:false
                              Reputation:low
                              Preview:C:\Users\user\AppData\Roaming\RDBNT\jre..1726676837274..
                              Process:C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65536
                              Entropy (8bit):1.3477203361539847
                              Encrypted:false
                              SSDEEP:192:14v8G6O1CcF5A0nmhIrPyPrvn0qPePLPwPWPdPsPpGb:K8PO1CcF59CE6jDmTIuFkx4
                              MD5:2C90E46F528E2EF29DDECCE3F06A9AE5
                              SHA1:4535069F8BA38FF4ABDDD98793EA80B7598ADB6E
                              SHA-256:E9EE5CBAD8B45BDA7F481E861100855B234AABA2965FBF9E5B35D30BECDF1760
                              SHA-512:6F31C4907D37C7C53031837FB60B708E67047F3CC50B00C904BC9125DB38A2C706D94824C3A8E94D797F8920D9B5DCB4B7634B4FF3432E7DC44A76EA9D4F768D
                              Malicious:false
                              Reputation:low
                              Preview:.........:.......c...... .......8...........J...0...sun.rt._sync_Inflations...../.......8...........J...0...sun.rt._sync_Deflations.....+.......@...........J...8...sun.rt._sync_ContendedLockAttempts..........8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..1.......@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications..,.......8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...
                              Process:C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):45
                              Entropy (8bit):0.9111711733157262
                              Encrypted:false
                              SSDEEP:3:/lwlt7n:WNn
                              MD5:C8366AE350E7019AEFC9D1E6E6A498C6
                              SHA1:5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
                              SHA-256:11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
                              SHA-512:33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
                              Malicious:false
                              Reputation:high, very likely benign file
                              Preview:........................................J2SE.
                              Process:C:\Users\Public\123.exe
                              File Type:ISO-8859 text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):3313
                              Entropy (8bit):4.557128068430301
                              Encrypted:false
                              SSDEEP:96:a58tiSm9iicC7CRRS9i7cq11iUDcsMLks0h9n:WOi59rcF/Cigq11iUD5MLks0z
                              MD5:FC605D978E7825595D752DF2EF03F8AF
                              SHA1:C493C9541CAAEE4BFE3B3E48913FD9DF7809299F
                              SHA-256:7D697EAA9ACF50FE0B57639B3C62FF02916DA184F191944F49ECA93D0BB3374F
                              SHA-512:FB811DE6A2B36B28CA904224EA3525124BD4628CA9618C70EB9234AB231A09C1B1F28D9B6301581A4FA2E20F1036D5E1C3D6F1BF316C7FE78EF6EDEAE50EA40E
                              Malicious:false
                              Preview:Copyright . 1993, 2016, Oracle and/or its affiliates...All rights reserved.....This software and related documentation are provided under a..license agreement containing restrictions on use and..disclosure and are protected by intellectual property laws...Except as expressly permitted in your license agreement or..allowed by law, you may not use, copy, reproduce, translate,..broadcast, modify, license, transmit, distribute, exhibit,..perform, publish, or display any part, in any form, or by..any means. Reverse engineering, disassembly, or..decompilation of this software, unless required by law for..interoperability, is prohibited.....The information contained herein is subject to change..without notice and is not warranted to be error-free. If you..find any errors, please report them to us in writing.....If this is software or related documentation that is..delivered to the U.S. Government or anyone licensing it on..behalf of the U.S. Government, the following notice is..applicable:...
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):41
                              Entropy (8bit):4.271470906740504
                              Encrypted:false
                              SSDEEP:3:c3AXFshzhRSkv:c9hzhgkv
                              MD5:67CB88F6234B6A1F2320A23B197FA3F6
                              SHA1:877ACEBA17B28CFFF3F5DF664E03B319F23767A1
                              SHA-256:263E21F4B43C118A8B4C07F1A8ACB11CAFC232886834433E34187F5663242360
                              SHA-512:4D43E5EDECAB92CEBD853204C941327DCCBFD071A71F066C12F7FB2F1B2DEF59C37A15CE05C4FE06EC2EA296B8630C4E938254A8A92E149E4A0A82C4307D648F
                              Malicious:false
                              Preview:Please refer to http://java.com/license..
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):47
                              Entropy (8bit):4.2563005536211715
                              Encrypted:false
                              SSDEEP:3:c3AXFshzhRSkjn:c9hzhgkjn
                              MD5:4BDA1F1B04053DCFE66E87A77B307BB1
                              SHA1:B8B35584BE24BE3A8E1160F97B97B2226B38FA7D
                              SHA-256:FD475B1619675B9FB3F5CD11D448B97EDDEE8D1F6DDCCA13DED8BC6E0CAA9CF3
                              SHA-512:997CEE676018076E9E4E94D61EC94D5B69B148B3152A0148E70D0BE959533A13AD0BC1E8B43268F91DB08B881BF5050A6D5C157D456597260A2B332A48068980
                              Malicious:false
                              Preview:Please refer to http://java.com/licensereadme..
                              Process:C:\Users\Public\123.exe
                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):111645
                              Entropy (8bit):4.8590909329531025
                              Encrypted:false
                              SSDEEP:1536:iiVRF8bLuepEvc5O5YwT3JJ4WOHHA/AFjrlHyEepdfZ9JIH4gDq:dRMiCOjJJ4pg/0Hx9MlZ9KH47
                              MD5:0E05BD8B9BFCF17F142445D1F8C6561C
                              SHA1:CF0A9F4040603008891AA0731ABF89CE2403F2FB
                              SHA-256:C3EA3996241B8E9AE7DB3780E470174076FD2003D8AEFAA77BF0BAB5E04DE050
                              SHA-512:07C7865D31D22BA0C68E384AFEDC22261F7B3A82BEBC9324145FF7F631623ECA2DC31C71CDBBFC9FEBC1733451A095302DE2A0877821A5B68038E350969BF460
                              Malicious:false
                              Preview:.DO NOT TRANSLATE OR LOCALIZE....***************************************************************************....%%The following software may be included in this product:..Microsoft DirectShow - Base Classes....Use of any of this software is governed by the terms of the license below:....MSDN - Information on Terms of Use....Updated: February 13, 2008....ON THIS PAGE.... * ACCEPTANCE OF TERMS.. * PRIVACY AND PROTECTION OF PERSONAL INFORMATION.. * NOTICE SPECIFIC TO APIs AVAILABLE ON THIS WEB SITE.. * NOTICE SPECIFIC TO SOFTWARE AVAILABLE ON THIS WEB SITE.. * NOTICE SPECIFIC TO DOCUMENTATION AVAILABLE ON THIS WEB SITE.. * NOTICES REGARDING SOFTWARE, DOCUMENTATION, APIS AND SERVICES AVAILABLE ON..THIS WEB SITE.. * RESERVATION OF RIGHTS.. * MEMBER ACCOUNT, PASSWORD, AND SECURITY.. * NO UNLAWFUL OR PROHIBITED USE.. * USE OF SERVICES.. * MATERIALS PROVIDED TO MICROSOFT OR POSTED AT ANY MICROSOFT WEB SITE.. * NOTICES AND PROCEDURE FOR MAKING CLAIMS OF COP
                              Process:C:\Users\Public\123.exe
                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):180668
                              Entropy (8bit):5.064180003233063
                              Encrypted:false
                              SSDEEP:3072:54ct+BcF1N7m8arf1kHRSusX2NyJ9KH4PF4j52eTjLAzE7GzmCK+XNhalQxkM8QB:N7mtrf1GhMF4j5RMGQoyzaXmR
                              MD5:0E87879F452892B85C81071A1DDD5A2A
                              SHA1:2CF97C1A84374A6FBBD5D97FE1B432FA799C3B19
                              SHA-256:9C18836FD0B5E4B0C57CFFDB74574FA5549085C3B327703DC8EFE4208F4E3321
                              SHA-512:10BA68FFD9DEAB10A0B200707C3AF9E95E27AED004F66F049D41310CB041B7618EE017219C848912D5951599208D385BCB928DD33175652101C7E5BC2E3EBA5B
                              Malicious:false
                              Preview:DO NOT TRANSLATE OR LOCALIZE...-----------------------------....%% This notice is provided with respect to ASM Bytecode Manipulation ..Framework v5.0.3, which may be included with JRE 8, and JDK 8, and ..OpenJDK 8.....--- begin of LICENSE ---....Copyright (c) 2000-2011 France T.l.com..All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:....1. Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer.....2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution.....3. Neither the name of the copyright holders nor the names of its.. contributors may be used to endorse or promote products derived from.. this software without specific prior written
                              Process:C:\Users\Public\123.exe
                              File Type:HTML document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):983
                              Entropy (8bit):5.135635144562017
                              Encrypted:false
                              SSDEEP:24:+STATDcxWpAVjXQ5cjaJ2gjQo4OSED6R8R/TtDpM:+STATD7pqjXBeJdso4OnxRc
                              MD5:3CB773CB396842A7A43AD4868A23ABE5
                              SHA1:ACE737F039535C817D867281190CA12F8B4D4B75
                              SHA-256:F450AEE7E8FE14512D5A4B445AA5973E202F9ED1E122A8843E4DC2D4421015F0
                              SHA-512:6058103B7446B61613071C639581F51718C12A9E7B6ABD3CF3047A3093C2E54B2D9674FAF9443570A3BB141F839E03067301FF35422EB9097BD08020E0DD08A4
                              Malicious:false
                              Preview:<html>..<head>..<title>..Welcome to the Java(TM) Platform..</title>..</head>..<body>....<h2>Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Platform</h2>..<p> Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Standard Edition Runtime .. Environment. This provides complete runtime support for Java applications. ..<p> The runtime environment includes the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> .. Plug-in product which supports the Java environment inside web browsers. ..<h3>References</h3>..<p>..See the <a href="http://download.oracle.com/javase/7/docs/technotes/guides/plugin/">Java Plug-in</a> product..documentation for more information on using the Java Plug-in product...<p> See the <a href=.."http://www.oracle.com/technetwork/java/javase/overview/"..>Java Platform</a> web site for .. more information on the Java Platform. ..<hr>..<font size="-2">..Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved...</font>..<p>..</body>..</html>..
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):14912
                              Entropy (8bit):6.141852308272967
                              Encrypted:false
                              SSDEEP:192:7pQMhM63XLPVT6MsMPapRuBUEp7nYe+PjPriT0fwtK:7muL7PV4aapRuBTp7nYPLr7J
                              MD5:D63933F4E279A140CC2A941CCFF38348
                              SHA1:75169BE2E9BCFE20674D72D43CA6E2BC4A5A9382
                              SHA-256:532D049E0D7A265754902C23B0F150D665A78A3D6FE09AD51C9BE8C29D574A3D
                              SHA-512:D7A5023A5EB9B0C3B2AD6F55696A166F07FA60F9D1A12D186B23AAAACC92EF948CB5DFFA013AFC90C4BBE3DE077D591185902384F677D0BAE2FF7CFD5DB5E06C
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Joe Sandbox View:
                              • Filename: EYOFFTITMDLXZJFFCCGFDTBIY.msi, Detection: malicious, Browse
                              • Filename: SSCBOLGZFXVJMEICRNQMJOCDIF.msi, Detection: malicious, Browse
                              • Filename: BOCTGZXINFFCD20242108.msi, Detection: malicious, Browse
                              • Filename: PGCTGZXFCD20242008.msi, Detection: malicious, Browse
                              • Filename: CloudInstaller.zip, Detection: malicious, Browse
                              • Filename: uChcvn3L6R.exe, Detection: malicious, Browse
                              • Filename: uChcvn3L6R.exe, Detection: malicious, Browse
                              • Filename: Advanced_IP_Scanner_2.5.4594.1 (1).exe, Detection: malicious, Browse
                              • Filename: New Soft Update.exe, Detection: malicious, Browse
                              • Filename: , Detection: malicious, Browse
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):14912
                              Entropy (8bit):6.1347115439165085
                              Encrypted:false
                              SSDEEP:192:0Usw4DPU3XLPVT6GsKOhWIutUinYe+PjPriT0fwyI8:ew7PVIKyWIutDnYPLr728
                              MD5:B4EB9B43C293074406ADCA93681BF663
                              SHA1:16580FB7139D06A740F30D34770598391B70AC96
                              SHA-256:8CD69AF7171F24D57CF1E6D0D7ACD2B35B4EA5FDF55105771141876A67917C52
                              SHA-512:A4E999E162B5083B6C6C3EAFEE4D84D1EC1C61DCA6425F849F352FFDCCC2E44DFEE0625C210A8026F9FF141409EEBF9EF15A779B26F59B88E74B6A2CE2E82EF9
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):128064
                              Entropy (8bit):6.428684952829155
                              Encrypted:false
                              SSDEEP:3072:uN77TJSG78+5Orcj5K/e2Hrgc6kZAn1yEkBKMKy1Zf22QYHJiuzTl8ShzzM+64mn:uNXd178+5fJZnQLo
                              MD5:2F808ED0642BD5CF8D4111E0AF098BBB
                              SHA1:006163A07052F3D227C2E541691691B4567F5550
                              SHA-256:61DFB6126EBA8D5429F156EAAB24FF30312580B0ABE4009670F1DD0BC64F87BB
                              SHA-512:27DBDA3A922747A031FF7434DE5A596725FF5AE2BC6DD83D6D5565EB2BA180B0516896323294459997B545C60C9E06DA6C2D8DD462A348A6759A404DB0F023A7
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):127552
                              Entropy (8bit):6.413283221897154
                              Encrypted:false
                              SSDEEP:3072:SdQ4jWJt4XChlFavveKSQ4gHK/e2Hrgc6kZAn1y1koKMKy1Zf22QYHJiuzTl8ShM:Sy4SJ1TFavvehc7ZnwEr
                              MD5:C3DED5F41E28FAF89338FB46382E4C3E
                              SHA1:6F77920776D39550355B146D672C199A3941F908
                              SHA-256:4691603DFABE6D7B7BEAC887DADC0E96243C2FF4F9A88CE3793E93356C53AA08
                              SHA-512:23621F2856899F40CFA9858DC277372BFE39F0205377543EB23E94422D479A53FDF664F4A9A4515C2285811F01D91AB64A834A03A4D3AB0CB7D78F8AF11135FF
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):97856
                              Entropy (8bit):6.467907542894502
                              Encrypted:false
                              SSDEEP:1536:/fHGbDtpt+WfGegcX30EJ4YHiYmRkgAPe+GP8uWg1kQOPt:/w2WfGe/30EWbY4Z+GpWuHOPt
                              MD5:F78D2BF2C551BE9DF6A2F3210A2964C1
                              SHA1:B6A4160ECA4C0D0552234FF69BCFDF45F0A2A352
                              SHA-256:9D18E5421A8606985FA54D7CEA921D1B8930358A2E4CDF5FDF2A8B3E4D857288
                              SHA-512:AAC8622683BE57518F8B03198A03BF1F760E082692C1FB6252E96CDBA19D3CEB0A6786CCBD7B98830E865297308FA99DBBEA464E41041ABDDA18AEB862BA993F
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):95808
                              Entropy (8bit):6.48897048228647
                              Encrypted:false
                              SSDEEP:1536:EHSB4i2hJwZaDEoDVzkhbyJCAqn9nV+1vkJnHBoY8BK5Hj:EJJwZWEoDVYby81yiBovkHj
                              MD5:E5A6231FE1E6FEC5F547DFD845D209BC
                              SHA1:3F21F90ECC377B6099637D5B59593D2415450D45
                              SHA-256:51355EA8A7DC238483C8069361776103779CE9FE3CD0267770E321E6E4368366
                              SHA-512:D5D20DF0089F3217B627D39ABD57C61E026D0DC537022FB698F85FA6893C7FA348C40295DEEC78506F0EF608827D39E2F6F3538818BA25E2A0EE1145FCC95940
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):1182272
                              Entropy (8bit):6.63089480914076
                              Encrypted:false
                              SSDEEP:24576:68M4H6ioDs5FELnSbY6Ck2IlAnVCXQlFg3:9eaGnkXQlFQ
                              MD5:159CCF1200C422CED5407FED35F7E37D
                              SHA1:177A216B71C9902E254C0A9908FCB46E8D5801A9
                              SHA-256:30EB581C99C8BCBC54012AA5E6084B6EF4FCEE5D9968E9CC51F5734449E1FF49
                              SHA-512:AB3F4E3851313391B5B8055E4D526963C38C4403FA74FB70750CC6A2D5108E63A0E600978FA14A7201C48E1AFD718A1C6823D091C90D77B17562B7A4C8C40365
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):15424
                              Entropy (8bit):6.380726588633652
                              Encrypted:false
                              SSDEEP:384:1Td3hw/L3kKLnYgIOGOOssnPV5Lnf6onYPLr7EbH:1zw/bkKLt7KnddnfPC7S
                              MD5:A46289384F76C2A41BA7251459849288
                              SHA1:4D8EF96EDBE07C8722FA24E4A5B96EBFA18BE2C4
                              SHA-256:728D64BC1FBF48D4968B1B93893F1B5DB88B052AB82202C6840BF7886A64017D
                              SHA-512:34D62BEB1FA7D8630F5562C1E48839CE9429FAEA980561E58076DF5F19755761454EEB882790EC1035C64C654FC1A8CD5EB46ECA12E2BC81449ACBB73296C9E8
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1447
                              Entropy (8bit):4.228834598358894
                              Encrypted:false
                              SSDEEP:24:+3AKdmzfuv6pBSyGJkR/4o6kn2SRGehD+GrspGC/hLRra:BzMUBLGJkBA+RGeV+GrspGC/TO
                              MD5:F4188DEB5103B6D7015B2106938BFA23
                              SHA1:8E3781A080CD72FDE8702EB6E02A05A23B4160F8
                              SHA-256:BD54E6150AD98B444D5D24CEA9DDAFE347ED11A1AAE749F8E4D59C963E67E763
                              SHA-512:0BE9A00A48CF8C7D210126591E61531899502E694A3C3BA7C3235295E80B1733B6F399CAE58FB4F7BFF2C934DA7782D256BDF46793F814A5F25B7A811D0CB2E3
                              Malicious:false
                              Preview: -Xmixed mixed mode execution (default).. -Xint interpreted mode execution only.. -Xbootclasspath:<directories and zip/jar files separated by ;>.. set search path for bootstrap classes and resources.. -Xbootclasspath/a:<directories and zip/jar files separated by ;>.. append to end of bootstrap class path.. -Xbootclasspath/p:<directories and zip/jar files separated by ;>.. prepend in front of bootstrap class path.. -Xnoclassgc disable class garbage collection.. -Xincgc enable incremental garbage collection.. -Xloggc:<file> log GC status to a file with time stamps.. -Xbatch disable background compilation.. -Xms<size> set initial Java heap size.. -Xmx<size> set maximum Java heap size.. -Xss<size> set java thread stack size.. -Xprof output cpu profiling data.. -Xfuture enable strictest checks, an
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):3857984
                              Entropy (8bit):6.850425436805504
                              Encrypted:false
                              SSDEEP:98304:GyXul1SNceWfkD000V3wnIACM7g6cv/GZ:Q1SgfEP0ZwnIA97dcv/GZ
                              MD5:39C302FE0781E5AF6D007E55F509606A
                              SHA1:23690A52E8C6578DE6A7980BB78AAE69D0F31780
                              SHA-256:B1FBDBB1E4C692B34D3B9F28F8188FC6105B05D311C266D59AA5E5EC531966BC
                              SHA-512:67F91A75E16C02CA245233B820DF985BD8290A2A50480DFF4B2FD2695E3CF0B4534EB1BF0D357D0B14F15CE8BD13C82D2748B5EDD9CC38DC9E713F5DC383ED77
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):142912
                              Entropy (8bit):7.350682736920136
                              Encrypted:false
                              SSDEEP:3072:aoGzTjLkRPQ9U9NuLqcNicj5ojGylYCE2Iu2jGLF5A9bE8LUekfCz:LGz/oRPGLJN1IGgYCE2L1F5A9bEGUeR
                              MD5:4BDC32EF5DA731393ACC1B8C052F1989
                              SHA1:A677C04ECD13F074DE68CC41F13948D3B86B6C19
                              SHA-256:A3B35CC8C2E6D22B5832AF74AAF4D1BB35069EDD73073DFFEC2595230CA81772
                              SHA-512:E71EA78D45E6C6BD08B2C5CD31F003F911FD4C82316363D26945D17977C2939F65E3B9748447006F95C3C6653CE30D2CDA67322D246D43C9EB892A8E83DEB31A
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):64064
                              Entropy (8bit):6.338192715882019
                              Encrypted:false
                              SSDEEP:1536:Skh2CQuUlng7qkKi5iO8pm8cN9qOU33oit:Skkhu0nTli5jN8cNAOUHnt
                              MD5:B04ABE76C4147DE1D726962F86473CF2
                              SHA1:3104BADA746678B0A88E5E4A77904D78A71D1AB8
                              SHA-256:07FF22E96DCFD89226E5B85CC07C34318DD32CDA23B7EA0474E09338654BFEB3
                              SHA-512:2E4E2FEB63B6D7388770D8132A880422ABF6A01941BFF12CAD74DB4A641BDA2DCC8BF58F6DAE90E41CC250B79E7956DDF126943E0F6200272F3376A9A19505F1
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):453184
                              Entropy (8bit):6.516599034237354
                              Encrypted:false
                              SSDEEP:6144:3J/sbugq7rm5zX2JDYfiA9+wvpsEWcIGnFm8iTFOBITfnvxIW1x8:3JUbzq+5zX25qvdfnFm88nvq+x8
                              MD5:5EDAEFFC60B5F1147068E4A296F6D7FB
                              SHA1:7D36698C62386449A5FA2607886F4ADF7FB3DEEF
                              SHA-256:87847204933551F69F1CBA7A73B63A252D12EF106C22ED9C561EF188DFFCBAE8
                              SHA-512:A691EF121D3AC17569E27BB6DE4688D3506895B1A1A8740E1F16E80EEFCE70BA18B9C1EFD6FD6794FAFC59BA2CAF137B4007FCDC65DDB8BCBFCF42C97B13535B
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):25152
                              Entropy (8bit):6.627329311560644
                              Encrypted:false
                              SSDEEP:384:0mgNWEfK0RiC4qxJL8VI6ZEPG5Vv/11nYPLr7N:H6WmK0RiSxJ4VI6W+zbC7N
                              MD5:72B7054811A72D9D48C95845F93FCD2C
                              SHA1:D25F68566E11B91C2A0989BCC64C6EF17395D775
                              SHA-256:D4B63243D1787809020BA6E91564D17FFEA4762AF99201E241F4ECD20108D2E8
                              SHA-512:C6A16DAAF856939615DFDE8E9DBE9D5BFC415507011E85E44C6BF88B17B705C35CD7CED8EDA8F358745063F41096938D128DEE17E14FE93252E5B046BDFCDDC0
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):21568
                              Entropy (8bit):6.601333059222365
                              Encrypted:false
                              SSDEEP:384:QwiAYZIxsQbbRLEs5Ltd7rpPVJfq0nYPLr7Ko+:BiPZj+bVEmtd7rpdJfnC7J+
                              MD5:73603BF0DC85CAA2F4C4A38B9806EC82
                              SHA1:74EBC4F158936842840973F54AF50CDF46BC9096
                              SHA-256:39EF85AB21F653993C8AAAB2A487E8909D6401A21F27CBA09283B46556FB16AF
                              SHA-512:5C238D677D458D5B7D43FA3FF424E13B62ABFCEDE66D55E3112DC09BF2F7B640EB8F82D00E41A2C7A7E7B36E3FCE3C2DCB060037314418D329466CC462D0BF71
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):827456
                              Entropy (8bit):6.022966185458799
                              Encrypted:false
                              SSDEEP:24576:E0NweWDjb28WNjE/lBy/pUbS3lYMpQIRrAOh3:7Wb5By/pUbouAQIRHh3
                              MD5:E741028613B1FC49EC5A899BE6E3FC34
                              SHA1:9EAE3D3CA22E92A925395A660B55CECB2EB62D54
                              SHA-256:9163A546696E581D443B3A6250F61E5368BE984C69ADFB54EE2B0E51D0FA008E
                              SHA-512:05C6CE707F4F0F415E74D32F1AACEC7E2C7746C3D04C75502EAECAFAF9E0108CE6206A8A3939C92EDCE449FFC0A68FB4389EDAA93D61920D1EC85327D1B3A55A
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):907328
                              Entropy (8bit):6.160830535423145
                              Encrypted:false
                              SSDEEP:24576:ZyWOeRjqm9ZRI+Ga+fme7CV93+x6FQ3ge:VRAeMme7kA6F6ge
                              MD5:4FD3548990CAF9771B688532DEF5DE48
                              SHA1:567C27A4EA16775085D8E87A38FE58BEC4463F7D
                              SHA-256:BDE5DF7BCFC35270B57A8982949BF5F25592A2E560A04E9868B84BEF83A0EA4B
                              SHA-512:FD2CF2072A786293E30CD495BA06F4734F0CEA63CBC49B6D7A24F6891612375E48D1B5758D9408625E769E8A81C7C34F04278E011BCF47EDEB8C2AFC13AEC20C
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):109120
                              Entropy (8bit):5.986571003903383
                              Encrypted:false
                              SSDEEP:1536:LE9WcstxlDgZ9EYDKg0nc6N3MR+EpOB+o+5PVT/B:ghspgZPDanhs+EpOBF+5PFB
                              MD5:A5455B9BEB5672D89B1F0FCFAA4C79CA
                              SHA1:9C7DBB5AD1CB3EBE7347A9CDDD80389902DA81EC
                              SHA-256:89A429889DCD0F6A3FE56217A0FEB5912132AAB2817643021EAE3716DA533D4A
                              SHA-512:131866A4754F4AF78A94F0776815E7EA4375736A4B11A723B87A4436FA101D271FFE14E4B49D3AB1AE2FA61CDBDED0C3D174C75327BE3C24E0E4CC39AFFA9469
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):223296
                              Entropy (8bit):6.501845596055873
                              Encrypted:false
                              SSDEEP:6144:8P8OC0xbNXLJAEh4hijzud6kAgZkFGMReiDfbgOBI1:8P8OC0xbNXLJAEh4hijzud6kAgYGSA
                              MD5:9D5EDECF7E33DDD0E2A6A0D34FC12CA1
                              SHA1:FC228A80FF85D78AA5BFBA2515EFED3257B9B009
                              SHA-256:6D817519C2E2EFDD3986EB655C1F687D4774730AB20768DF1C0AAEF03B110965
                              SHA-512:B4D58D3415D0255DCD87EF413762BC0F2934AAA6C8151344266949D3DD549ABDCA1366FA751A988CDDC1430EBF5D17668ADF02096DD4D5EAFE75604C0DA0B4C9
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):151104
                              Entropy (8bit):6.548096027649263
                              Encrypted:false
                              SSDEEP:3072:PPuiQNBInyjJ2y53/5d8n9e/ry7zOAHpyWWJd1u2TeKSNlGFGZQfVN2:iBInu2y5P5dkeDy7zOUpLJ2mHZQf2
                              MD5:7A710F90A74981C2F060FA361D094822
                              SHA1:FBDCA4E3F19AD5201572974E3C772A3C2694FBB3
                              SHA-256:9BC52058C02E0C87A6A9470C62D1AA4F998942CC00F99A82E7805E87D958BC16
                              SHA-512:928708DFF6A372BA997C072238823469CBFD28CCBB17A723AD35F851D35C6EFF82748AA41A9215955B9536A14AA57D47ABE0F1BA00D11F8D920A57F91B7A35E5
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):200768
                              Entropy (8bit):6.431501859060678
                              Encrypted:false
                              SSDEEP:3072:lC0MaRHVsSduCCkNlKpR1FHNnuNcCwJPT54l2B3Fzkmldrz5ZD9hYJOj9T3iRK:s0XR1sYtxgGl2B3uWjhYJOj9TSY
                              MD5:434CBB561D7F326BBEFFA2271ECC1446
                              SHA1:3D9639F6DA2BC8AC5A536C150474B659D0177207
                              SHA-256:1EDD9022C10C27BBBA2AD843310458EDAEAD37A9767C6FC8FDDAAF1ADFCBC143
                              SHA-512:9E37B985ECF0B2FEF262F183C1CD26D437C8C7BE97AA4EC4CD8C75C044336CC69A56A4614EA6D33DC252FE0DA8E1BBADC193FF61B87BE5DCE6610525F321B6DC
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):400960
                              Entropy (8bit):6.165546757090391
                              Encrypted:false
                              SSDEEP:6144:vxDvEpBGH7t7PB7Es7va/QdqOBYswIprNWhk+URpxfu4w7J:tvEpBGH7pN57vwQd6swIp5WhkRlfu4CJ
                              MD5:767BBA46789597B120D01E48A685811E
                              SHA1:D2052953DDE6002D590D0D89C2A052195364410A
                              SHA-256:218D349986E2A0CD4A76F665434F455A8D452F1B27EAF9D01A120CB35DA13694
                              SHA-512:86F7F7E87514DBC62C284083D66D5F250A24FC5CD7540AF573C3FB9D47B802BE5FFBBC709B638F8E066AB6E4BB396320F6E65A8016415366799C74772398B530
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):514112
                              Entropy (8bit):6.805344203686025
                              Encrypted:false
                              SSDEEP:12288:Y5JbfdT5NYGe8m51QSWvopH1kdMDbA2ZoNnYX:Y5JV7eB3KopvnAe2YX
                              MD5:8D0CE7151635322F1FE71A8CEA22A7D6
                              SHA1:81E526D3BD968A57AF430ABB5F55A5C55166E579
                              SHA-256:43C2AC74004F307117D80EE44D6D94DB2205C802AE6F57764810DEE17CFC914D
                              SHA-512:3C78C0249B06A798106FEAF796AA61D3A849F379BD438BF0BB7BFED0DC9B7E7EA7DE689BC3874ED8B97FF2B3BA40265DED251896E03643B696EFDBF2E01AC88C
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):132672
                              Entropy (8bit):6.708436670828807
                              Encrypted:false
                              SSDEEP:3072:HGBc2vf2AWlvx+Kre9vVv3CoLORljxWEXyB/NK3GyNf9:mxvffVvyo0X8NKW+1
                              MD5:6376B76728E4A873B2BB7233CBCD5659
                              SHA1:3BE08074527D5B5BC4A1DDCEC41375E3B3A8A615
                              SHA-256:4FDF86D78ABC66B44B8AFF4BBCE1F2A5D6D9900767BE3CAAE450409924DBC5AD
                              SHA-512:955E7C5AB735183B491A753710B6F598A142A2876DDAE5AD301C3DA82A65CE82238E0F20C9F558F80138D58F8DC00B4EBD21483CEED0AABEEDA32CCA5D2E3D48
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):115776
                              Entropy (8bit):6.787384437276838
                              Encrypted:false
                              SSDEEP:1536:0LHPDcdivqC4xMfl/hAxfZ/t0QHQIM7iVxoQCpGlyir0wIOfnToIfemrVZQirM:0rPDco4xMNEfZ1LQG4igmvTBfem7QcM
                              MD5:AB6ED0CFD0C52DBEDE1BE910EFA8A89B
                              SHA1:83CBC2746A50C155261407ECE3D7A5C58AAD0437
                              SHA-256:8A6FBB08E0F418A3BB80CC65233E7270C820741DD57525ED7FD3CC479A49396E
                              SHA-512:41773183FC20E42BF208064163AA55658692B9221560146E4F6A676F96FC76541ED82F1EFDFA31F8C25BA42F271F7D9087DE681DA937BBF0EB2C781E027F1218
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):16448
                              Entropy (8bit):6.490137326885244
                              Encrypted:false
                              SSDEEP:384:WCMJqfiSZzDonPV5TyVIbb8nYPLr7VblXT:WLJqrNkndQIsC7Vhj
                              MD5:1F004C428E01F8BEB07B52EB9659A661
                              SHA1:4D6AAB306CB1F4925890BF69FCDF32BBFE942B81
                              SHA-256:1BDEFECDF8CFA3F6DA606AD4D8BD98EC81E4A244D459A141723CCB9DC47E57CB
                              SHA-512:61888A778394950D2840E4D211196FFE1CB18FA45D092CBADBEDF2809BDED3D4421330CFE95392DD098E4AE3F6F8A3070E273FFCA2FB495C43C76332CA331DBF
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):51264
                              Entropy (8bit):6.576803205025954
                              Encrypted:false
                              SSDEEP:1536:urOHh9t7/GAzqHcGxAARrZT9ixHDyo/r0rV9LrBH1bjPEwhEdheBwHWQFgE/XudL:G+9t7/qHcGHuy/pb
                              MD5:3A744B78C57CFADC772C6DE406B6B31E
                              SHA1:A89BF280453C0BCF8C987B351C168AEB3D7F7141
                              SHA-256:629393079539B1B9849704CE4757714D1CBE5C80E82C6BB3BC4445F4854EFA7B
                              SHA-512:506A147F33C09FA7338E0560F850E42139D0875EF48C297DDB3CC3A29F12822011915FACCB21DA908CF51A462F0EBA56B6B37C71D9C0F842BDE4A697FB4FFB64
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):19520
                              Entropy (8bit):6.452867740862137
                              Encrypted:false
                              SSDEEP:384:45kF/QP8xkI6hgWIE0PVlyJSZ9nYPLr7+:4SqP7I6rkd4EfC7+
                              MD5:503275E515E3F2770A62D11E386EADBF
                              SHA1:C7BE65796AA0E490779F202C67EEC5E9FBB65113
                              SHA-256:97B5D1C8E7AAACE5C86A418CB7418D3B0BA4F5E178DE3CF1031029F7F36832AF
                              SHA-512:AC7C0CB626C2D821F0F4E392EE4E02C9E0093F019AA5B2947E0C7B3290A0098A3D9BB803AB44FD304CA1F1D272CFB7B775E3C75C72C7523FF7240F38440CFC3C
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):30784
                              Entropy (8bit):6.413942547146628
                              Encrypted:false
                              SSDEEP:768:+HhfWinfwUFAvnb5TIUX+naSOu9MQQ5jhC7EY:cuin5FAvNTIUX+nbMQQ54EY
                              MD5:530D5597E565654D378F3C87654CCABA
                              SHA1:6FAC0866EE0E68149AC0A0D39097CEF8F93A5D9E
                              SHA-256:0CFAA99AE669DDC00BD59B5857F725DFF5D4C09834E143AB1B5C5F0B5801D13B
                              SHA-512:D7520A28C3054160FCD62C9D816A27266BE9333E00794434FB4529F0FF49A2B08E033B5E67A823E5C184EE2D19D7F615FF9EE643FE71C84011A7E5C03251F3B4
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):15936
                              Entropy (8bit):6.466457942735197
                              Encrypted:false
                              SSDEEP:384:GpsbHnDiW6gejmSHhV8cGees7snYPLr7Wj53:GpsbHn/HS/8cresgC743
                              MD5:CF2F023D2B5F0BFB2ECF8AEEA7C51481
                              SHA1:6EB867B1AC656A0FC363DFAE4E2D582606D100FB
                              SHA-256:355366D0C7D7406E2319C90DF2080C0FAE72D9D54E4563C48A09F55CA68D6B0C
                              SHA-512:A2041925039238235ADC5FE8A9B818DFF577C6EA3C55A0DE08DA3DEDD8CD50DC240432BA1A0AEA5E8830DCDCCD3BFBF9CF8A4F21E9B56DC839E074E156FC008D
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):126528
                              Entropy (8bit):6.8082748642937725
                              Encrypted:false
                              SSDEEP:3072:Kw2b3Kr+uWU9XzFhziJ1TBZAhsIn/B9NZwMgjeNXLD:43KFFheLCBpV/
                              MD5:73BD0B62B158C5A8D0CE92064600620D
                              SHA1:63C74250C17F75FE6356B649C484AD5936C3E871
                              SHA-256:E7B870DEB08BC864FA7FD4DEC67CEF15896FE802FAFB3009E1B7724625D7DA30
                              SHA-512:EBA1CF977365446B35740471882C5209773A313DE653404A8D603245417D32A4E9F23E3B6CD85721143D2F9A0E46ED330C3D8BA8C24AEE390D137F9B5CD68D8F
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):191040
                              Entropy (8bit):6.75061028420578
                              Encrypted:false
                              SSDEEP:3072:iUJiEoGLsncZizZQ7QBdCPdG3TBfMzrjZqMNGSplN2:iUJsnVzy7QBdC1G3TBEvFp6
                              MD5:E3E51A21B00CDDE757E4247257AA7891
                              SHA1:7F9E30153F1DF738179FFF084FCDBC4DAE697D18
                              SHA-256:7E92648B919932C0FBFE56E9645D785D9E18F4A608DF06E7C0E84F7CB7401B54
                              SHA-512:FC2981A1C4B2A1A3E7B28F7BF2BE44B0B6435FD43F085120946778F5C2C2CA73AD179796DEC0B92F0C6C8F6B63DD329EECC0AF1BB15392364C209DCF9CD6F7CA
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):23616
                              Entropy (8bit):6.620094371728742
                              Encrypted:false
                              SSDEEP:384:Qp2dG5pC/ujTc8ZrEnrZm8WXLFnPV52WZQAnYPLr7lOGa:uvCGjJ0Q9ndRZdC71a
                              MD5:1C47DD47EBD106C9E2279C7FCB576833
                              SHA1:3BA9B89D9B265D8CEC6B5D6F80F7A28D2030A2D1
                              SHA-256:58914AD5737F2DD3D50418A89ABBB7B30A0BD8C340A1975197EEA02B9E4F25B2
                              SHA-512:091F50B2E621ED80BAFE2541421906DE1BCC35A0E912055B93E40CD903BE8B474103C0D8FECDF46E7F2F3C44BDADE64A857AB2B9CB5404306055150EE4ED002A
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):160256
                              Entropy (8bit):6.469497559123052
                              Encrypted:false
                              SSDEEP:3072:a2lpElIhbyyH3c1CX766zKELxKvFaPSnjZqMNJlGle:a2rE+xdW+76DEVKv8wv
                              MD5:4E3C37A4DE0B5572D69AD79B7A388687
                              SHA1:6B274E166641F9CE0170E99FE2D1F4319B75A9E8
                              SHA-256:893A86E7B1DE81DEDAB4794732FCCD02790756A2DBE4815C102F039088DFCBD2
                              SHA-512:8352A1CD859D17A27560448C6FFB0E8200096CAC744C8BB56330397FDE0B7F702E2295999D89FBAD74DF72DF200C391113A23A9B4342ABAC738167967533F9CD
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):70208
                              Entropy (8bit):6.353501201479367
                              Encrypted:false
                              SSDEEP:768:jFVfr2k521ZnrawwMmqPXt+rP3b/9/YMCxx0OpPOrEE14EVHLAuDeGJiqrmehiV9:PxioMmqF+2x0MORLVq7qjh3rmKPNpwGg
                              MD5:C2A59C7343D370BC57765896490331E5
                              SHA1:A50AF979E08A65EB370763A7F70CDB0E179D705D
                              SHA-256:40614FE8B91E01AD3562102E440BDBF5FAC5D9F7292C6B16A58F723BFFFE6066
                              SHA-512:CA266F1B2E51F66D119E2D71E3377C229A3D583853FFB606C101AFEB41689ACE7D1F1594781091DA67F9BE9D09F3019BF048C0F819777E8F1827A56BEEC252C4
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):57408
                              Entropy (8bit):6.6711491011490285
                              Encrypted:false
                              SSDEEP:1536:f6arRmcnq2lxm+Na6C7HIT6T8E2pLSSm3:fzm+q7HITS8E2pLSSA
                              MD5:AEADA06201BB8F5416D5F934AAA29C87
                              SHA1:35BB59FEBE946FB869E5DA6500AB3C32985D3930
                              SHA-256:F8F0B1E283FD94BD87ABCA162E41AFB36DA219386B87B0F6A7E880E99073BDA3
                              SHA-512:89BAD9D1115D030B98E49469275872FFF52D8E394FE3F240282696CF31BCCF0B87FF5A0E9A697A05BEFCFE9B24772D65ED73C5DBD168EED111700CAAD5808A78
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):446528
                              Entropy (8bit):6.603555069382601
                              Encrypted:false
                              SSDEEP:12288:RreTVhY4gXwLR4YS+OX3kQg4O5kM2LY58gwDTxXvwGSelo:Rr4VhyK7eTxXvwelo
                              MD5:8AE40822B18B10494527CA3842F821D9
                              SHA1:202DFFA7541AD0FAD4F0D30CEE8C13591DCA5271
                              SHA-256:C9742396B80A2241CE5309C388B80000D0786A3CAB06A37990B7690FD0703634
                              SHA-512:AA324A265639C67843B4BF6828029B413044CBE4D7F06A253B78B060EA554FECC6E803D59D03742C485B2EB3D52E5C0A44928DCC927501F413EE4664BB8A11F5
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):126016
                              Entropy (8bit):6.608910794554507
                              Encrypted:false
                              SSDEEP:3072:oOxjjADzd+aeaPB9JhjxkM2wzGdXJbD/jn8Y6:ocKzeaPB9JhjxknwzG5JbDb8F
                              MD5:01706B7997730EAA9E2C3989A1847CA6
                              SHA1:7CEAD73CBE94E824FA5E44429B27069384BFDB41
                              SHA-256:20533C66C63DA6C2D4B66B315FFCF5C93AE5416E3DAE68CDD2047EFE7958AB3A
                              SHA-512:3272C8DE6C32D53372D481441DA81AE2B6EA02E8360B23D7F793B24827BD683A6604F43BE18CE2BEE40038FBE7D5F7AF78B2C465A51F82478D881DBEB5744DC2
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):191552
                              Entropy (8bit):6.744419946343284
                              Encrypted:false
                              SSDEEP:3072:lScg0xvhTZNIs3Ft+STckCBQo3C0Y22vncTBfsO9jZqMN3cH1Tefqk:lSclI6nTc3BQo3C0YHncTBxvs65
                              MD5:48C96771106DBDD5D42BBA3772E4B414
                              SHA1:E84749B99EB491E40A62ED2E92E4D7A790D09273
                              SHA-256:A96D26428942065411B1B32811AFD4C5557C21F1D9430F3696AA2BA4C4AC5F22
                              SHA-512:9F891C787EB8CEED30A4E16D8E54208FA9B19F72EEEC55B9F12D30DC8B63E5A798A16B1CCC8CEA3E986191822C4D37AEDB556E534D2EB24E4A02259555D56A2C
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):269888
                              Entropy (8bit):6.418120581797452
                              Encrypted:false
                              SSDEEP:6144:Fp9B0qT85g5Sq+VBY2qVLC2wH5rM8HoQvlHO:5uqT85sSq+ERVm2wZEQvlHO
                              MD5:F8211DB97BF852C3292C3E9C710C19D9
                              SHA1:46DAD07779E030D8D1214AFE11C4526D9F084051
                              SHA-256:ECF4307739CA93F1569CE49377A28B31FE1EB0F44B6950DBAAFA1925B24C9752
                              SHA-512:B3E20EECA87136CAE77F06E4149E65EBFEF71A43589F7E2833008FE43811A2BC8B6202B6ADB5CE122A1822E83CE226B833DEF93A2B161476BD5B623794E4F697
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):13888
                              Entropy (8bit):6.274978807671468
                              Encrypted:false
                              SSDEEP:192:ahKnvndLwm3XLPVlD6yTUZnYe+PjPriT0fwdNJLkoRz:a4j7PVl1TAnYPLr7cLka
                              MD5:0291BA5765EE11F36C0040B1F6E821FB
                              SHA1:FFE1DCF575CCD0374DF005E9B01D89F6D7095833
                              SHA-256:F8540BE2BBD5BDE7962D2FE4E7EC9EF9BF53D95B48781AE549AA792F10032485
                              SHA-512:72ADDC631D8CF064E1B047B51EEF7F306CA959D24ED705065C33EE8DDDF7EA84B95B3DE5B0709015A81D36ACA01E15CE99A354D4069D4D798ED128A6A76D1010
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):163904
                              Entropy (8bit):6.783788147675078
                              Encrypted:false
                              SSDEEP:3072:XrQPwE5tlGsXVomHvD+1febSICzqozXtrQwnNZkB+5:XU15tpX9HvsfrTtMwNWBY
                              MD5:6E08D65F5CBB85E51010F36A84FC181D
                              SHA1:4EEE8BE68BAAF6320AEA29131A1C0B322F09F087
                              SHA-256:2D8658909D9E357A4B70FCF862D690EEC82A2F77161ABB021E0839C6A67D4825
                              SHA-512:DF4494D062E9A8AC82D727D2722DCF32C3FC924FA104F384FA099ADB08ECBDEEA7A19245D779097C0AFCF51F84852328ED595C88380F42BD39560678C8AD9621
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):22592
                              Entropy (8bit):6.620820751411794
                              Encrypted:false
                              SSDEEP:384:YL4Z7lZRiY3PB6cGgOp2m1zq2oatSnPV5zYxkpLfsnYPLr7Ybc:E4PZRiY3PB6cVAebaMnd+ypLkC7Cc
                              MD5:700F5789D2E7B14B2F5DE9FDB755762E
                              SHA1:F35EDE3441D6E5461F507B65B78664A6C425E9AC
                              SHA-256:D115EAF96BD41C7A46400DCFF7EF26AC99E3CF7A55A354855C86BAE5C69A895A
                              SHA-512:664A442DD424CA04AC0CE072B9BBD5EF7C657B59A26403C44A856738F7998466BFE3010825A13451281841D39B0A34D8997EE24497D626EC60C19AA1AF0EE465
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):115264
                              Entropy (8bit):6.588792190592223
                              Encrypted:false
                              SSDEEP:3072:2Cgsy+/cydqNiaZr+lOzZPh7/W4MCnc8Ioaa2yFWcC6vsx/8:FZOzZPh7/WSe+S6v+U
                              MD5:8BC8FE64128F6D79863BC059D9CC0E2E
                              SHA1:C1F2018F656D5500ACF8FA5C970E51A55004DA2E
                              SHA-256:B77CD78FF90361E7F654983856EE9697FDC68A0F9081C06207B691B0C9AF1F5D
                              SHA-512:6771F23ECF1A449EB6B0B394E0F1D3EB17C973FC0544BA25487C92F215ACC234FC31C9B7BE5528EFD06D29A35BB37DD7934318837576862ADFC2631B4D610A24
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):33934912
                              Entropy (8bit):6.35314231534845
                              Encrypted:false
                              SSDEEP:393216:VJ8d7SMzwH5R2sdDcBwHHdI4DKRlDsqXCagQZhzvilh2Wlq7ODI:VJ8d7zzUesdDtevn
                              MD5:4D857A5FC9CA16D2A67872FACCF85D9F
                              SHA1:EAEB632E526EFA946E4DB1B8CFA31DE6A7B03219
                              SHA-256:7FFA7423DDA07499394B345E5ECE2D54C8E19247E6E76C0E23B5BF1470AB0D7F
                              SHA-512:8DBC8675CE2DACE8D629C3FA66CF65704346AB829AE0B0A1D7B25BE22783B7E73624BA70F6D67264D6CA1656D7590E3753A8DF2227DA45112C5BD4A5654089AF
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):15936
                              Entropy (8bit):6.475020301731584
                              Encrypted:false
                              SSDEEP:384:GpsE5cnm6ObmSHhV8j0eeq4SziahnYPLr79OOu:Gpszn6iS/8jxeqfhC78Ou
                              MD5:4F11D43AA2215CE771DA528878F01C8E
                              SHA1:8062681D73489FF200CA0BA426FF1FF3F44494A7
                              SHA-256:0D554CD4B373D6D9B9C179A468D179388706C0BDE4D878ED75EF575651588B3C
                              SHA-512:34CB271C32FB479CFAEEC536A5D35A41730E90001D67DC9DB595DB240A1F58C3BF12334BB5CDE7673C8E56A4C272BFBD66E4EACDEE0082F6FD583E4E039EC540
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):158784
                              Entropy (8bit):6.816453355323999
                              Encrypted:false
                              SSDEEP:3072:gLkNbBRaz4rQWiG6wMz9/S3en9pHUw06TBfkqI44:rNbB4Mcnv7z6en9pj06TB6
                              MD5:73A76EC257BD5574D9DB43DF2A3BB27F
                              SHA1:2C9248EAE2F9F5F610F6A1DFD799B0598DA00368
                              SHA-256:8F19B1BA9295F87E701C46CB888222BB7E79C6EE74B09237D3313E174AE0154F
                              SHA-512:59ECD5FCF35745BDADCDB94456CB51BB7EA305647C164FE73D42E87F226528D1A53CE732F5EC64CE5B4581FA8A17CFBFDC8173E103AE862D6E92EB3AD3638518
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):207424
                              Entropy (8bit):6.630800216665857
                              Encrypted:false
                              SSDEEP:6144:ckZ5ktGCru8e6Y3RhNw0mjs+OBS7n7ACKRAHbW:ciIbS6Y37Nw0/QC
                              MD5:475DD87198F9C48EFB08AAB4ADE8AF5A
                              SHA1:9B657E0837639663D4D721F8C5E25401F11E7BEB
                              SHA-256:32764005FCCE7D0E51801528F6B68C860979E08D027A5220DFEC19B2A8013354
                              SHA-512:0B492B0FBADC14178A6F79A58E47C30D92B59B18414E38A7B119699D0788ACF3713F925CF0EC570BE3E29AB26BDB6B567C38526BC0603BA78ECC3E2952EA3E2B
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):82496
                              Entropy (8bit):6.597347722250847
                              Encrypted:false
                              SSDEEP:1536:ez2dfBusTTkMffX+xR5kdt94u+508AqDfJOqsbCkq24maADX:kE5u+kkX+P+dt9O08JJOZXX4nADX
                              MD5:5F85F7F2DFAC397D642834B61809240F
                              SHA1:ECA28E8464208FA11EF7DF677B741CDD561483D9
                              SHA-256:B71E00ADB77D87882D58993A5888955BDD62C57D364F60AAA0FA19D32A69C9DA
                              SHA-512:2BFE9FCE450E57EA93DEEAA85A746CB17BA946EEFF866F10D67C74F7EA038B16910E0D8EF29E9F358AF7DAABD45E3983C370FEF82A9647546819DCDE3AEE45BC
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):19008
                              Entropy (8bit):6.372096409611824
                              Encrypted:false
                              SSDEEP:384:PTjlu57T5J5eFeYW7TPVlN3B+ASZQ4NNR7F3qnYPLr7om0:PnUd5eFeDfd5Sj7oC7om0
                              MD5:4023E25F92B5F13E792901BF112A8EA2
                              SHA1:31ADCD411905832B89EA55DEC8B9C83AF3C7D3EA
                              SHA-256:432AEDAC59FA161FED5A5D95CA5F8CFD1D73A35ABE8A7090D137100F727B687B
                              SHA-512:AD0E6F8071EB09E843989E637BACA988DD7706D84FC26DB7C2E18BBE03A78A6C5BFE4F1B28289B5929B2B86C53FB6C3DAE42523DC8EDE8057A8F431AEA77BB20
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):186944
                              Entropy (8bit):6.612459610032652
                              Encrypted:false
                              SSDEEP:3072:XsSFQQB7SGWV2xrkvql6QPJD7mGVqjLypDTaDE5zwmFxy7HglbZrdIG:XJ97PxYAPJ/RV0tDCzw+xy0ldOG
                              MD5:E9373908186D0DA1F9EAD4D1FDAD474B
                              SHA1:C835A6B2E833A0743B1E8F6F947CFE5625FE791F
                              SHA-256:E2FBD6C6334D4765FF8DFF5C5FE3DF8B50015D0BF9124142748FADB987B492FF
                              SHA-512:BFDC236D462DAC45FD63C112E40558ED4E11E76FB4D713926A679FD573F67FA16451231A03178926B76BD267F092A33A3B6760CF4812DE2679BB9505B83F8261
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):145984
                              Entropy (8bit):6.69725055196282
                              Encrypted:false
                              SSDEEP:3072:S2yRKm4/j/dKLnjHy7OMD+MqS1RYio7+oD33GnUV0fem2M:S2ytqlYnjHehDzqiq+oD33OUV8Vx
                              MD5:4294D39CC9E5F23754D41B9DDE710112
                              SHA1:1BAA1E136F18108AB4E31EC005DEC54FC3F23A7C
                              SHA-256:DE3EEDED01B35DC7C29B0B758211BB1DB73CCFFB9298D281DAF56924ED9E93CB
                              SHA-512:E88DFF129DD35445B32A2DBCAB97CF752E9ACDF82FF88B184FA6D3B461D55BD2D195794802C5BA5E7EFFA086DC89E0C2CEF0C8B0BFA29AC70B75CFB1B4B0584C
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):16448
                              Entropy (8bit):6.482296988184946
                              Encrypted:false
                              SSDEEP:384:n11I27Bf0jeZy+hiqEyRoPV527rBnYPLr7/U:nrJfYqodYJC78
                              MD5:4BDF31D370F8A893A22820A3B291CC1D
                              SHA1:BD27656B42F881EEE1940CFE15CF84C1938B57BA
                              SHA-256:C98DFAC99CC1E05D5F86B2577031A7624DCC13D0A8344B2855F166335177BC16
                              SHA-512:51623274C13DA71AD01DBAD7950444B512F08C3DC04E27F0321DF02E9F3C4DFB308DEF35F58524CCCCE79ED2A8859D85C16DC0D9BEA378E5538E23602D35AA76
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):30784
                              Entropy (8bit):6.609051738644882
                              Encrypted:false
                              SSDEEP:384:mk87qhVj8sqgP7CRLMOPfkGo7UdJs0flkg2uG8RPGHTR5ny5pnYPLr7z:mk87qhVjaMOPJdJFflLJR+V03C7z
                              MD5:7BD914407C6D236B27865A8C63147B7F
                              SHA1:9B49E48705341D30E3F92B85652E924C7985E415
                              SHA-256:549849DC910261D817670B192715430395993E811D0FD3103651237D7F18929D
                              SHA-512:624DC95F696BEA311726EAFB0017F363C8703B95A2E08DE984C642867888CF5B9172326C2E2567ED4A2EA28F806B633840552C80BE49EB6CF2A8FC4A0C259117
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):27712
                              Entropy (8bit):6.6264206752006825
                              Encrypted:false
                              SSDEEP:768:hgWe1DWI+mB7JkJKe3xVF2XNbuHEqe8yIGn3zY9pcQ/oGmEsg0sqkgiHmNs2Qd6X:qWbEK1Ms2dYJG
                              MD5:6280201C1918EA3293919BB282D2B563
                              SHA1:3F6F5299A435E2A0C36BE8AAD4CB2FCAACD0897D
                              SHA-256:0711127A297E4CC1927D77013FC040CAA26930C34A4C7B4D7631BCE9C8041B74
                              SHA-512:A4C4507ED4FDEC038FAFA62970161E7B75FF9A2ABBDF854ED55483144DCDC0FC9D21235FDDDF1B38303723F9C615AE388397C4D17B5391D8827A5B40AC52C5FC
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):178240
                              Entropy (8bit):6.793245389378621
                              Encrypted:false
                              SSDEEP:3072:gWosiKTxga2KtpdhEnGF5PNyR0BxDxxKF5HkEWnuYsauj9Fom1QB:3RRKAtpdhEn/0BzwFpvYm0z
                              MD5:BF299F73480AF97A750492E043D1FADD
                              SHA1:C93C4A2DAE812F31603E42D70711D3B6822F9E8E
                              SHA-256:0334E3B7AE677116B92516172D0CA905723DAF847D8B3B0DC3FC118EDC703D51
                              SHA-512:7265783F0DD653DBC4693D5EFEB156281620C5421F29910F14C22B75A936233E9E897087E64B641335795484837F28F113EE9F380027698A898F19115FD0F648
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):15936
                              Entropy (8bit):6.474237923131844
                              Encrypted:false
                              SSDEEP:384:Gps45cnQ6DmSHhV8r0eeU4Szi6nYPLr70aG:Gpsnn4S/8rxeUvC7RG
                              MD5:9A4CF09834F086568DF469E3F670BF07
                              SHA1:594C4E0394475A6299C79E3A063C7D5AE49635F3
                              SHA-256:709E9E544434C52285A72F29AD6B99CE1E7668545F10AD385C87ABF34D2052BB
                              SHA-512:CD551E7944461F3288B880B9D161F19F97EB4599A3A46CC93C4172B5112960FB0C040B9996F13CF0761FB85A283E2F20944135EC59660C807A59B29CDDC44586
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):15936
                              Entropy (8bit):6.477340414037824
                              Encrypted:false
                              SSDEEP:384:Gps45cnk6LlmSHhV8i+ceek4SzS+nYPLr7wd:Gpsnn5AS/8jZek7C7wd
                              MD5:4DE6BFE6EA98BC42A5358ED8307107B2
                              SHA1:8F687E60784FD9046A361DC1DC85D43051CBD577
                              SHA-256:7C07D167AA4A23AB64A205301663C87E578FF6B31985DF8B51AF80CA6999176F
                              SHA-512:8091AADEACAD1DAC5191EBB996D1E4BE25A19C10A4E76F79AB7EA2A592711FD39AAD7E89D7DEE09385296AA7A649AABFA7C325C4A627AFE1C009C906709EDB5A
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):15936
                              Entropy (8bit):6.477747126356611
                              Encrypted:false
                              SSDEEP:384:GpsJ5cn66FmSHhV8Teeek4SzSgnYPLr7mpB:GpsUngS/8TDekdC7yB
                              MD5:CA17B8CBD623477C5D1D334B79890225
                              SHA1:2BFC372A28EDE40093286CDA45003951A2CE424F
                              SHA-256:A7AC47AC8518E2D53575E12521B3A766A5E2EE4133C6C6AB9AE1C3C6777F5E77
                              SHA-512:D9DDF3E67B9A4E0197D271243623D4DF8A26A35EC2F5195AB316E910E133BA09C70F6D28E7CA69184E4ABABCF063C014D7A6E6EA48F82382B316864A945175C5
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):15936
                              Entropy (8bit):6.476844183458217
                              Encrypted:false
                              SSDEEP:384:Gpsw5cnL6U0mSHhV89+ee84SzSFnYPLr7KTdK:Gps/nHpS/89je80C7KQ
                              MD5:B4AD335E868693F009B7644E2ED555C1
                              SHA1:ECCB9711CF78BCD5BD78231A838B1852764B301C
                              SHA-256:CCA46A54A1A9CE78F7FFC49D195C4AB970AD540B5FCB2B6D9BF57EEDF38EC28D
                              SHA-512:04A4670345B47C5B256220A85FFC68A1DD6DFE8D44838A4C634EB0EBC469EFC307B0BCF838AA1244634A315F365518B1633586B872C6D459EE80374D14234CA4
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):185920
                              Entropy (8bit):6.517453559791758
                              Encrypted:false
                              SSDEEP:3072:pmxoFzYbnERrNyf0VCyqp2pswAG8wJfV1cnrQKUCc9rBTq/bKQcUMZ:koFJcQCyuZG8wdKcLgbDcU6
                              MD5:D4246AF96E1FFA5E63C55E6F0A63ED82
                              SHA1:30F319CEBD7BCCCFC3637231D07F45BD5A79B03E
                              SHA-256:84576AAC88D08E864645415D8A81F4B8F04C881B7624973C952BA6BCB94F4C8C
                              SHA-512:92EDFE62BE5BDDC47EC51B01F8FE71C69691423ABECBB358A972766ACCDC8F9365C064FD0A7833C8853EDD5DED51791A7662584DB5F54BE3586AC2787160FA6A
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):33344
                              Entropy (8bit):6.5580840927675945
                              Encrypted:false
                              SSDEEP:768:5TuVpsEkV3/azbYJHf2ZdCwhxKdv0tCFC7dRb:5YQV3/az8x2HCSScC4dRb
                              MD5:EFF31A13A4A5D3E9A5BD36E7349D028B
                              SHA1:8E47BE8C1CE4DFD73B7041679E96EA4A17DDB4C0
                              SHA-256:307B816892FDD9BAD9E28953E1BBB4BCE35C8F8CA783C369D7EB52A22BCC4229
                              SHA-512:72148C757624868D3866C40B31149CCA171737D82ADBCDF2C8FB03A9D8F3C1CEA2B2FC5137DD11DAAD2328D3AF8FAE43568DCCD843664BC43323F9357B67B6A0
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):574528
                              Entropy (8bit):6.508068830472597
                              Encrypted:false
                              SSDEEP:12288:NtKMEr1LBBgPcvhwhtRtL+tKJZetu4zxLukaMevlOjPMat4+8NMutQaLqqiINw3X:NtKMEr1VBgPcvhwhtRtL+tkZezxLuQeS
                              MD5:5E1B7D0ACCB4275DEAB6312AA246CB3E
                              SHA1:488A5CB9D9C0CF27824DF32B9B76D4F67F6FB485
                              SHA-256:9FC49B3F6FD11A2B2B92748C24F21721D1011B1920D092E38AF4021102125543
                              SHA-512:5A875DD4731E862F753EBB987593DC61D39DD3D3D13CDED284DE27DD09AFA946FA96824AC194EC0DD45AA2CE0D56637A5522F49F28F3C89B7F5248D389B1B62E
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):455328
                              Entropy (8bit):6.698367093574994
                              Encrypted:false
                              SSDEEP:12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
                              MD5:FD5CABBE52272BD76007B68186EBAF00
                              SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
                              SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
                              SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):773968
                              Entropy (8bit):6.901569696995594
                              Encrypted:false
                              SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                              MD5:BF38660A9125935658CFA3E53FDC7D65
                              SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                              SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                              SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):970912
                              Entropy (8bit):6.9649735952029515
                              Encrypted:false
                              SSDEEP:12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
                              MD5:034CCADC1C073E4216E9466B720F9849
                              SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
                              SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
                              SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):79936
                              Entropy (8bit):6.675027571633986
                              Encrypted:false
                              SSDEEP:1536:ygRdVzzmTj2iu+wk5eQjBE55W+hYRwZZ3GFjJJ5n5WF:yIfmHsM5j6VqJJ55WF
                              MD5:691B937A898271EE2CFFAB20518B310B
                              SHA1:ABEDFCD32C3022326BC593AB392DEA433FCF667C
                              SHA-256:2F5F1199D277850A009458EDB5202688C26DD993F68FE86CA1B946DC74A36D61
                              SHA-512:1C09F4E35A75B336170F64B5C7254A51461DC1997B5862B62208063C6CF84A7CB2D66A67E947CBBF27E1CF34CCD68BA4E91C71C236104070EF3BEB85570213EC
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):51264
                              Entropy (8bit):6.565433654691718
                              Encrypted:false
                              SSDEEP:768:a+BEJER/xSW/EoB8VBQZbKYawLysHFhIAqQbQMD8YpwQ+Qi4v8qUYVC7R:a+BEJERvQGbKnwusjIAq08YDi4UqUYoR
                              MD5:95EDB3CB2E2333C146A4DD489CE67CBD
                              SHA1:79013586A6E65E2E1F80E5CAF9E2AA15B7363F9A
                              SHA-256:96CF590BDDFD90086476E012D9F48A9A696EFC054852EF626B43D6D62E72AF31
                              SHA-512:AB671F1BCE915D748EE49518CC2A666A2715B329CAB4AB8F6B9A975C99C146BB095F7A4284CD2AAF4A5B4FCF4F939F54853AF3B3ACC4205F89ED2BA8A33BB553
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):17472
                              Entropy (8bit):6.403594687791098
                              Encrypted:false
                              SSDEEP:192:A3PK394shTLHzW8KMw3X+PVR6y/FNdoEUtnYe+PjPriT0fwoBpp6Z:BThTrzPPQOPV5NNdoEwnYPLr7xc
                              MD5:94CAADA66F6316A9415A025C68388A18
                              SHA1:57544E446B2B0CFBA0732F1F46522354F94B7908
                              SHA-256:D1C4FB91296D643AEE6AB9CD66CC70ACBE2667AD572D969A06FFEAA2A8859FAF
                              SHA-512:AC29E7C722A266DCB633953EF2A7E33DF02059AC7876FF94828464B5B74B5BC321C5D2D2851F3CBBFE1328D18F3CD9A49E5EFFE7E4E8AC2BEB3A0E4AAA53AD87
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):16448
                              Entropy (8bit):6.380289288441742
                              Encrypted:false
                              SSDEEP:384:GpsCgvnvId6YmSHhV85AeencGtnYPLr7Vz:GpsDngGS/851ebC7Vz
                              MD5:7DA6AA3CC4763C6F9C20B43E6C9A9547
                              SHA1:3F28CF8E6AAD199DCC621F2A2C8AD50126813B05
                              SHA-256:F7375AD07F0BE6FD75E822A9ECFF5ACA073DB03B95894C05C7657BEC7AF59AF4
                              SHA-512:7948EAA11B4026F9975B6CC4225A4C0B617341299364196F3825EEF4484A6EEB529319BF4F6D19436689083C36BF1F6B9880574764612FC900C8CC1D73EED1BB
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):15936
                              Entropy (8bit):6.4779230305378315
                              Encrypted:false
                              SSDEEP:384:Gpsk5Bn46zmSHhV8yYAeeU4Sz5uwnYPLr73ki:GpsungS/8yY1eUuwC79
                              MD5:E9AA62B1696145A08D223E7190785E25
                              SHA1:A9A0CB22A28A3843CF6CCBC9578B1438F0A7B500
                              SHA-256:EA9DF3432EF31B6864112AF1CEC94E6BE33B92A9030369B9F99225113BCA6EF8
                              SHA-512:516FA102922980DF592DD08A840DA9073B6568F5E52847968C59995F2BD067AC6D2668D0272AE017D0C71AF627766A8676AE1EB1BC520B76F1F9C5CEEB4BA840
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):773968
                              Entropy (8bit):6.901569696995594
                              Encrypted:false
                              SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                              MD5:BF38660A9125935658CFA3E53FDC7D65
                              SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                              SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                              SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):172096
                              Entropy (8bit):6.3747906238754855
                              Encrypted:false
                              SSDEEP:3072:1WkHL+UE3r2l5p2WqjgFWcWpPa6QoCzOb/UcODMM4cBqg8UyJNd5uGZzfYtRD+Em:YdNq5YkFuPYzOb/UcODMM4cBqg8UyJNR
                              MD5:FB658E2F5E185FE5762B169A388BA0BD
                              SHA1:386235AB2F7AD35E82CD9AC97E9B56E1E308BC90
                              SHA-256:A91E68C76A90A02D9EDF75E5141C248B3AA5DD612E37883D27065D78A782AF20
                              SHA-512:B0EAB6F2572552298CD221AF9E71CA7C02375D92E14F7EBD783F5DC9247964F72E658DBFC4273BD3C36DF57199171263F1A4969F133823965448C552BB514EEC
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):15936
                              Entropy (8bit):6.477211573452372
                              Encrypted:false
                              SSDEEP:384:Gps25Bnb61mSHhV8nOeet4SzvBQnYPLr7D8/:Gpson1S/8nTetJSC7+
                              MD5:ED3F3D8E4C382BF8095B9DE217511E29
                              SHA1:CAE91B9228C99DCC88BAC3293822AC158430778C
                              SHA-256:800F41B877AA792A8469C4DBB99838E7A833B586EC41BD81DA81EAA571F7FAC1
                              SHA-512:023855267C6CC6BD5230E7A922310328E8DC0521C041C038C579035C9B1E70EAC168695B56357793505375E0B134FAD040BB284C6B02B3190EE7F6FCAEC33FE9
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):52800
                              Entropy (8bit):6.433054716020523
                              Encrypted:false
                              SSDEEP:1536:Rk2X5KQaT9nNrmTTY99ccAlGGzGRulFJWpiDO:RkgUhpmA99ccOGGzGRuPJWpgO
                              MD5:6D05EAD2F6B95C4AFFCFB1B27DC0C188
                              SHA1:0D04A67505D006493F252985AC294B534D271EF2
                              SHA-256:6330591A151E565B5EAB2D174DF8E2F6523A8F403E4E8D8C8DC58D0945881F19
                              SHA-512:DBE98FA16162636039853E9A82CADBE4E6D5A4E6E282A3FBBC122229C314C91E7C445FEB83921EBFE024DC09BC6AA76682F903036A2D2BEA363F1D09DD571B10
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):116288
                              Entropy (8bit):5.7845827860105885
                              Encrypted:false
                              SSDEEP:3072:UbqmeUF67oaebwU3ta+uHMg9glgFvcfgfgzgG4g9XTXDXp+RuXGXlXdY9vXTXvXQ:8qmeUF67ZeUUVjcIA
                              MD5:5AADADF700C7771F208DDA7CE60DE120
                              SHA1:E9CF7E7D1790DC63A58106C416944FD6717363A5
                              SHA-256:89DAC9792C884B70055566564AA12A8626C3AA127A89303730E66ABA3C045F79
                              SHA-512:624431A908C2A835F980391A869623EE1FA1F5A1A41F3EE08040E6395B8C11734F76FE401C4B9415F2055E46F60A7F9F2AC0A674604E5743AB8301DBADF279F2
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):86592
                              Entropy (8bit):6.686302444148156
                              Encrypted:false
                              SSDEEP:1536:/QsPinZd9lmzFRQnJ9sSpkWgVenAe7C3xWxNO3A4:lPE9lEmtpkj7eqWxNCA4
                              MD5:5E6DDF7CF25FD493B8A1A769EF4C78F7
                              SHA1:42748051176B776467A31885BB2889C33B780F2D
                              SHA-256:B9BEACA57BFF23C953917C0B2037351EF3334E6A9DE447DCA6542FE5C815BF9F
                              SHA-512:C47F742F064B99E5B9C2BDEAC97472D9D8C9466C9071E9799AF79F820199D9B30B198C33EF635F07A972B77475AFEA9E7417AA6335D22A7380E7B0E552869C18
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):14912
                              Entropy (8bit):6.381906222478272
                              Encrypted:false
                              SSDEEP:192:kNncquU+hyD13XLPVlD6o+N9F5os7USnYe+PjPriT0fwXF27:kNcWp7PVl67/nYPLr7s27
                              MD5:3C9DC0ED8ADD14A0E5B845C1ACC2FF2E
                              SHA1:25C395ADE02199BEDCEE95C65E088B758CD84435
                              SHA-256:367C552FBA3DA5F22791CF8F22B983871639ECD2EF7F5B1880021FE4C4F65EE4
                              SHA-512:4DD5F68180D03B6621E46732F04B47F996B96F91F67845538D1B303E598CCFDB5E4F785A76DE7DFCB8918125FDB06B9068C4EAB06984B5AA9224DCE90190BA1A
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):15936
                              Entropy (8bit):6.466364086630595
                              Encrypted:false
                              SSDEEP:384:Gpss5cnn6vmSHhV8TI1ee84SzK8nYPLr7HuY:Gps7nnS/8Tte8tC7HuY
                              MD5:12B6E1C3205A8B17AC20E00A889DFC43
                              SHA1:42458CFA7135858ACEF10803B87A208FA7E66413
                              SHA-256:EAEA20A794EC6BB15808EF278376A87CF91F9BE15FE6A7DE92014AC4BF75555D
                              SHA-512:174703820636DED2BA081420A8D1E37D67FDA6C13AC406C2F08E16DCF0C7B7D9642E37BC888802B50ED3438D6029C4FECCD7C151B82CF9A91F13F36C4A0B2019
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):15936
                              Entropy (8bit):6.475930674615241
                              Encrypted:false
                              SSDEEP:384:GpsFG5BnK6xmSHhV8TCeeX4SzREnYPLr7Ggp:Gpsen0S/8TveXUC7jp
                              MD5:31C0CED43A07A2DFF3AFC557EBABBE0F
                              SHA1:9100A7393B919EB35C79CE16A559D783219E2F20
                              SHA-256:B93D0D62436D89C84C66ABBDCF817084A6BA01F7E10053C8F343DF5D53D37536
                              SHA-512:716818BBF6E4F21C2A627259F1D35E8375EFEF9C3B197B3AF6E10A4A1735CC643141C32270DF7F6FE25733517BE38CAA09205B98119996237E8EAE6A7D0825A7
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):15936
                              Entropy (8bit):6.475447140204412
                              Encrypted:false
                              SSDEEP:384:Gps85BnF26emSHhV8QM1eet4SzvBonYPLr7I:GpsGnFjS/8QBetJWC7I
                              MD5:43C1D1D0E248604CB3B643C0BDF4EC9A
                              SHA1:7BEE9DEB1E43F0FECF0FC57BDFD3F79CF048151F
                              SHA-256:165BFF317674BE33F2920320F3EF0957539E5BF149B673C2073DF48FF93A6D94
                              SHA-512:CAA9B14DF20FFF92CFC4F9A8557804FBD4CC02831824CD53AEAC7D0EE7918BBD50E22A69AB5FFC9E92A468A5201DF263707D373D60378817DC5FEFDE1ABC48BF
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):177216
                              Entropy (8bit):6.909590121652277
                              Encrypted:false
                              SSDEEP:3072:L9Wyo+Jyru3w8WqWnJjOUrI7vh+Dug9PVWU+kmaVE9TBfQiJ8:BWyPsi34i+DugFj+kmaVE9TB4/
                              MD5:8DC2356E3FF3A595AEDE81594A2D259A
                              SHA1:A05E05E9EA8FB0C8928112CA931EB4F5E977B92A
                              SHA-256:B9DE5D3ABBC0AC956E7F590E4C8507FF570B6C353374BB80F413B5846CE322FE
                              SHA-512:D5C83EBDB7192DD361856B236A07AFD4FF95E68E0036396D68A3407ED680D4A36EC857AB101DBA5F583AA67CC45A2835178DAC84A68472C7F619EFA674FE51F0
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):473152
                              Entropy (8bit):5.475991416072106
                              Encrypted:false
                              SSDEEP:6144:ngmgmb+p19k+j4QJKFDSha+IJ6NyLu/wtAWvrMZp5WMuBzj:n17bsj4QJlha+XNyLu/iAWvhBzj
                              MD5:79CFE207E05F771E29847573593F6DE1
                              SHA1:34DFA813802C6F5A57A557BF72B2B306F8042E90
                              SHA-256:AEB27727F428116069944BB92B477D7487C9DEB3921E1005814536459E35222F
                              SHA-512:2C71A827BB156BD012BE20B30D701D5123D8B6C7889D4F4A47A483D3477C25BF224E7F205CA9FCCB08DA0A2EF28AF6433D018A0E555BCE911C31A5F462F41578
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):52800
                              Entropy (8bit):6.367562931371078
                              Encrypted:false
                              SSDEEP:768:0UD9dxWf4b4UoY6sUsaJ2sQ7O+phclByW3T9KMDbgz2dN6lDb/9/YMw0c3D6QsTY:0IofovBbS9KMvHR0cz6QsTPOXm2BT9j7
                              MD5:F434A8AC7F1C8C0E2587B9A9F30E397B
                              SHA1:BD62E10E44117A60EB4180412112593D9460299D
                              SHA-256:6A994B389B8F7109238DE6F230B1B540186ED2EC8D081C7601C6996863AA4DC8
                              SHA-512:9896DAC36BD4F7289C7701B75AD8EB9F7ACD233384075A3FBA6E6F2F38E420F37C1A29317EEEA3C4DDBA1791F6F17187DD5BDFDD9F98F095E7D4DF20C0D5EA3E
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):123968
                              Entropy (8bit):6.699694377005066
                              Encrypted:false
                              SSDEEP:1536:jWi/SLhxEJKv0O4+zwtKg3HquHB2u0YUdRXGCDilgKptxG0ULtt1vtxgl0IlgqA2:+vdtg6ZYUniPe5vtxgl0IlgqA2
                              MD5:0BAB62A0CF67481EA2A7F3CAFD7C5144
                              SHA1:D6B010C815F4D9C675DF918B615FE0AAE45249EA
                              SHA-256:FC57682FDBCA50FAEBFC6B4F5D199FC407A541C110C15F0C850503006D32301A
                              SHA-512:0128813DE247246BF4AECE1B222B6611E5AE1EDE01A1B339CFE0F98184739D7A066DAE4F1A271F544BB39F9B79F053F4B96F2E471B9444C29855CF52FB7835CB
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):25664
                              Entropy (8bit):6.488681310308951
                              Encrypted:false
                              SSDEEP:384:GxZ2v7Oc56lspQEgde9M3z27lFOJIjkzIPV5yKlWFKbKwnYPLr7Wo5L:Xr5PQEOe9MD4lFhjk8ddeKWwC7dL
                              MD5:039AD8A7A4B14C321F156878838A2340
                              SHA1:6AD9D2FBA988193D16E7B3278C0D0757AB99B3EF
                              SHA-256:ED3AD7EBA989FB31C2ABC3220694D1446D33659782CB1B333318EC54A577389D
                              SHA-512:7D5B8C191A7D0C4FEDB831DE197A3CB5DC0564AD3F2E57EEE8C506B2308B656D2F0FE086D508FAB8F03CA0E1B0574E708728373DFA3116C9B9FC5DFDB72FEE46
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):195136
                              Entropy (8bit):6.80727029211823
                              Encrypted:false
                              SSDEEP:3072:fmtIwyq6lFq857zCYLFYEVothL10xYOXjV5qECVTHLy71vJ2qIcWYEfQQxIYh5t+:mIwyqM7qYLVVIqhfqfTm1W+Tws
                              MD5:E1904A4B2D6F657B9FEF053893FE3C41
                              SHA1:59AC965A1029AE936DDD5AE623A9A025D49737EC
                              SHA-256:5929E3510F67FEAE073B8995BFC542FD7A0626F57D2FBC829EFC95206DF8F85F
                              SHA-512:C0A60928299EA2E6DC8AD1E3DE9CEF77C8E520585F8D73BD7F56E33705D1A2AEC04AE9C01A8069AE5A0D71F28AEF42F4A260CF4D5BB44A95DCEB70E5C8DB8FEA
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):16448
                              Entropy (8bit):6.392776971200692
                              Encrypted:false
                              SSDEEP:384:GpssZwnvNmc6DDmSHhV8Ogee1cGPnYPLr7fl:GpssqnFm16S/8OVeLC7fl
                              MD5:7624A9B769CDCF3A75FE5A9FEAADD61F
                              SHA1:9269968968CD63D6E1ECC14F78B9A630FCC26FBE
                              SHA-256:41F9A804C888A58DECDE2B63A544DBFF536B40D87CECED197E1A14050858C0DA
                              SHA-512:1AF7BB30E1FC7600AD0A209DB4E077DAB9CEAA5C4332F8B1353ED0DB7EA71B4A9B7D126E756B634D3FB22618E39AFC5ED52263C88E9F7646EAABB0D9240E382B
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):65600
                              Entropy (8bit):6.461111208462538
                              Encrypted:false
                              SSDEEP:1536:lVeogiQWo3IzLIoDY9p6K/sdDAZ5e1x3afX:veDib4oDu4K/sdDAZ5CxEX
                              MD5:806580640A68234A711D3BB0642130A7
                              SHA1:1EDF20DAAC15FE90E9891E95130D0DD70D005B62
                              SHA-256:CCCC2A9F54E4F5961DD45DAA1F6C97ECFB156EA8E0DF82277A2C109EA4D2E036
                              SHA-512:0AAC087449DEECBB1CFAEE5C3144500CDC4C1D209D1F1F7D8EB41DD7870504BF71D0CC9AE7761BFC609F42273B7FB3CA7801AA54FB0E92BC71C41CC5CAECD31C
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):159296
                              Entropy (8bit):6.019927381236816
                              Encrypted:false
                              SSDEEP:3072:9vFy5zbJEQFFB9AYeb11tzTQrTBfYEaf9zQ6NlUlh5:7iFry3b11twTBgEaf9zQ6Nc
                              MD5:C15F0FE651B05F4288CBC3672F6DC3CE
                              SHA1:FFCE84FE532B41F31CDDC41C84024FAFE6BC30E6
                              SHA-256:869DC4D40444F10325057B0CC3BB7EA48942DD712DF8A1AE331A554FF0397F1A
                              SHA-512:E9E27C4C68972E3250B380C1A5D5EB02BEC03028D389234A44A7D56974BFA233D177173F929BDB6FF877AE17A529D85D384684B0037E260A0143F7A95A0204C6
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):39488
                              Entropy (8bit):6.751057397220933
                              Encrypted:false
                              SSDEEP:768:Okt1MVMrA9/Klzwz9UyCgMUt9onPs3h3nVt83OndMY7dmMpAnC70N:Oo1oMQ/CrPa3VWO+gdmMW6q
                              MD5:DE2167A880207BBF7464BCD1F8BC8657
                              SHA1:0FF7A5EA29C0364A1162A090DFFC13D29BC3D3C7
                              SHA-256:FD856EA783AD60215CE2F920FCB6BB4E416562D3C037C06D047F1EC103CD10B3
                              SHA-512:BB83377C5CFF6117CEC6FBADF6D40989CE1EE3F37E4CEBA17562A59EA903D8962091146E2AA5CC44CFDDDF280DA7928001EEA98ABF0C0942D69819B2433F1322
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):21568
                              Entropy (8bit):6.4868701533420925
                              Encrypted:false
                              SSDEEP:384:uVI9/tEAHVvfiqiW9LEiGTHb6hVXbS7fLsD5bGGNET7T7T7T7JyFoynPV5hgGLVt:uVI9/yA9f1iW9LEiGTHb6hVXbS7QbGG9
                              MD5:7C2959F705B5493A9701FFD9119C5EFD
                              SHA1:5A52D57D1B96449C2B40A82F48DE2419ACA944C3
                              SHA-256:596F89E7E5D9AC2B1F97FA36A20A7405C1CC41A9FCBA96DB089ADA4550131B24
                              SHA-512:B7B48BD14701F75B9018BEDEE5A4CFCEBDAC342F83339FB3F1EFB7855598474C9D1CC993B5D4ADD3326140435087D2BD7CBBC18BC76C64EAD6234A9A7D57C552
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):163904
                              Entropy (8bit):6.508553433039132
                              Encrypted:false
                              SSDEEP:3072:onzJtwzsrYx6cY+90AiVrM5muIqltkt7maRoM/X1fJqO0NJT:onttwzsrYxTaVVY5muIq3mx/X1fcb
                              MD5:A63387A1BFDF760575B04B7BFD57FF89
                              SHA1:9384247599523D97F40B973A00EE536848B1D76F
                              SHA-256:5DF5B7E6EFCC345DDC8448AFC707B666F5F696F554B00ACA64D8E23EDBC176BF
                              SHA-512:CB3A6A394424345FFA076E0BE58F284A0E4DB6FBFCE02D93FB4871D350A7FA1E673175AE988C26453DB1C983C0D06A01DD413DE47031BB4BF308CAAF3513C36F
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):69696
                              Entropy (8bit):6.89860109289213
                              Encrypted:false
                              SSDEEP:1536:ZCghp1EJqcGdjandlraksIOwIOpVnToIft4tpgO6:/142jUhimp9TBft4tqO6
                              MD5:CB99B83BBC19CD0E1C2EC6031D0A80BC
                              SHA1:927E1E24FD19F9CA8B5191EF3CC746B74AB68BCD
                              SHA-256:68148243E3A03A3A1AAF4637F054993CB174C04F6BD77894FE84D74AF5833BEC
                              SHA-512:29C4978FA56F15025355CE26A52BDF8197B8D8073A441425DF3DFC93C7D80D36755CC05B6485DD2E1F168DF2941315F883960B81368E742C4EA8E69DD82FA2BA
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):155
                              Entropy (8bit):4.618267268558291
                              Encrypted:false
                              SSDEEP:3:nSkoZgZLXnuWxVEsTwVAAiuKIn7IRAdSPGGzJ0vwQAnfMaAHCRyvy:nBcAPWEwVAkIiSPhwwpkaAHCIa
                              MD5:9E5E954BC0E625A69A0A430E80DCF724
                              SHA1:C29C1F37A2148B50A343DB1A4AA9EB0512F80749
                              SHA-256:A46372B05CE9F40F5D5A775C90D7AA60687CD91AAA7374C499F0221229BF344E
                              SHA-512:18A8277A872FB9E070A1980EEE3DDD096ED0BBA755DB9B57409983C1D5A860E9CBD3B67E66FF47852FE12324B84D4984E2F13859F65FABE2FF175725898F1B67
                              Malicious:false
                              Preview:#..# Load the Java Access Bridge class into the JVM..#..#assistive_technologies=com.sun.java.accessibility.AccessBridge..#screen_magnifier_present=true....
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1438
                              Entropy (8bit):5.214662998532387
                              Encrypted:false
                              SSDEEP:24:QVDpdQYHLOVhl86bePCkHUMCLC9TFcgg+DR+Oby:MQ4LOVh2WGfUMCLC9Zcgg2Ru
                              MD5:92BA2D87915E6F7F58D43344DF07E1A6
                              SHA1:872BC54E53377AAC7C7616196BCCE1DB6A3F0477
                              SHA-256:68F0CF30429A42A6FE78B1DE91970E5C78FD03D1599BEB080C1C196D5C59E4C0
                              SHA-512:A964E2CEB4D601FAF28ECF13FB11777B70708C21CF9EA23721E462B6E911051108B8A42EBF6447FA49CB61D7FA2D79475F50EE791F1121616371E2B02FAB71B6
                              Malicious:false
                              Preview:# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..# Japanese imperial calendar..#..# Meiji since 1868-01-01 00:00:00 local time (Gregorian)..# Taisho since 1912-07-30 00:00:00 local time (Gregorian)..# Showa since 1926-12-25 00:00:00 local time (Gregorian)..# Heisei since 1989-01-08 00:00:00 local time (Gregorian)..calendar.japanese.type: LocalGregorianCalendar..calendar.japanese.eras: \...name=Meiji,abbr=M,since=-3218832000000; \...name=Taisho,abbr=T,since=-1812153600000; \...name=Showa,abbr=S,since=-1357603200000; \...name=Heisei,abbr=H,since=600220800000....#..# Taiwanese calendar..# Minguo since 1911-01-01 00:00:00 local time (Gregorian)..calendar.taiwanese.type: LocalGregorianCalendar..calendar.taiwanese.eras: \...name=MinGuo,since=-1830384000000....#..# Thai Buddhist calendar..# Buddhist Era since -5
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):3091908
                              Entropy (8bit):6.633254981822853
                              Encrypted:false
                              SSDEEP:49152:puZi4j4TQkgaSOHEhjy2twRYEc1sJzlbguMuD:puZiW4smxGocuJlbgq
                              MD5:0B3923ABB0D48FDAE7A2306717967B39
                              SHA1:0882294FFEC2769023AA36FF9CC53562F8E26020
                              SHA-256:E88AEC2A49F07CAC9471D9E4C113FA189600B57245685814D043C20EA8A8B471
                              SHA-512:CF622081B290140CE8419B30FB25442F7204C9A37E1490030A4D656F66C509946F48C50CC7794DA51007EFB202805605FE3C2AC3534D63FBF928EA35CE16A040
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):84355
                              Entropy (8bit):4.927199323446014
                              Encrypted:false
                              SSDEEP:1536:4X/nxfn5rxLyMznYolTzlff5OK3COHoHNG5rb/cxNwmCX1g86K2oWdAqNqc+KMjD:qxn5rxLyMzbf5OK3CJNG51g86A
                              MD5:7FC71A62D85CCF12996680A4080AA44E
                              SHA1:199DCCAA94E9129A3649A09F8667B552803E1D0E
                              SHA-256:01FE24232D0DBEFE339F88C44A3FD3D99FF0E17AE03926CCF90B835332F5F89C
                              SHA-512:B0B9B486223CF79CCF9346AAF5C1CA0F9588247A00C826AA9F3D366B7E2EF905AF4D179787DCB02B32870500FD63899538CF6FAFCDD9B573799B255F658CEB1D
                              Malicious:false
                              Preview:java/lang/Object..java/lang/String..java/io/Serializable..java/lang/Comparable..java/lang/CharSequence..java/lang/Class..java/lang/reflect/GenericDeclaration..java/lang/reflect/AnnotatedElement..java/lang/reflect/Type..java/lang/Cloneable..java/lang/ClassLoader..java/lang/System..java/lang/Throwable..java/lang/Error..java/lang/ThreadDeath..java/lang/Exception..java/lang/RuntimeException..java/lang/SecurityManager..java/security/ProtectionDomain..java/security/AccessControlContext..java/security/SecureClassLoader..java/lang/ClassNotFoundException..java/lang/ReflectiveOperationException..java/lang/NoClassDefFoundError..java/lang/LinkageError..java/lang/ClassCastException..java/lang/ArrayStoreException..java/lang/VirtualMachineError..java/lang/OutOfMemoryError..java/lang/StackOverflowError..java/lang/IllegalMonitorStateException..java/lang/ref/Reference..java/lang/ref/SoftReference..java/lang/ref/WeakReference..java/lang/ref/FinalReference..java/lang/ref/PhantomReference..sun/misc/Cleaner
                              Process:C:\Users\Public\123.exe
                              File Type:Sun KCMS color profile 2.0, type KCMS, XYZ/XYZ-spac device, 51236 bytes, 2-12-1997 18:50:04, dependently, PCS X=0xf6b3 Z=0xd2f8 "XYZ to XYZ Identity Profile"
                              Category:dropped
                              Size (bytes):51236
                              Entropy (8bit):7.226972359973779
                              Encrypted:false
                              SSDEEP:1536:2Qnt0y7xFNksbeCqY39JJ8GmaNo68GmaNo68GmaNoW:JOy7xXjtqYNfHxNo6HxNo6HxNoW
                              MD5:10F23396E21454E6BDFB0DB2D124DB85
                              SHA1:B7779924C70554647B87C2A86159CA7781E929F8
                              SHA-256:207D748A76C10E5FA10EC7D0494E31AB72F2BACAB591371F2E9653961321FE9C
                              SHA-512:F5C5F9FC3C4A940D684297493902FD46F6AA5248D2B74914CA5A688F0BAD682831F6060E2264326D2ECB1F3544831EB1FA029499D1500EA4BFE3B97567FE8444
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Sun KCMS color profile 2.0, type KCMS, GRAY/XYZ-mntr device, KODA/GRAY model, 632 bytes, 27-7-95 17:30:15, embedded, relative colorimetric, PCS Z=0xd32b "KODAK Grayscale Conversion - Gamma 1.0"
                              Category:dropped
                              Size (bytes):632
                              Entropy (8bit):3.7843698642539243
                              Encrypted:false
                              SSDEEP:12:51AP3fJgXQ531yqQac/lkgz42WlHlYujlOl9Fhl:vA2XQCqpUlkgzulHiXl3hl
                              MD5:1002F18FC4916F83E0FC7E33DCC1FA09
                              SHA1:27F93961D66B8230D0CDB8B166BC8B4153D5BC2D
                              SHA-256:081CAAC386D968ADD4C2D722776E259380DCF78A306E14CC790B040AB876D424
                              SHA-512:334D932D395B46DFC619576B391F2ADC2617E345AFF032B592C25E333E853735DA8B286EF7542EB19059CDE8215CDCEA147A3419ED56BDD6006CA9918D0618E1
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:color profile 2.0, type KCMS, RGB/XYZ-mntr device by KODK, 1044 bytes, 2-2-1998, PCS Z=0xd32c "linear sRGB"
                              Category:dropped
                              Size (bytes):1044
                              Entropy (8bit):6.510788634170065
                              Encrypted:false
                              SSDEEP:6:zwuau/7De0/q98EAsBIMD/WvaKIV4R0/lCAEdD0WlV9AEdwKKt/n3knR3lfR/NHD:zw7ePB/rEAsBIkVuUlAYKu/nUnKw
                              MD5:A387B65159C9887265BABDEF9CA8DAE5
                              SHA1:7913274C2F73BAFCF888F09FF60990B100214EDE
                              SHA-256:712036AA1951427D42E3E190E714F420CA8C2DD97EF01FCD0675EE54B920DB46
                              SHA-512:359D9B57215855F6794E47026C06036B93710998205D0817C6E602B2A24DAEB92537C388F129407461FC60180198F02A236AEB349A17430ED7AC85A1E5F71350
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Sun KCMS color profile 2.0, type KCMS, 3CLR/Lab-spac device, 274474 bytes, 6-11-1996 7:50:04, PCS X=0xf6b3 Z=0xd2f8 "Std Photo YCC Print"
                              Category:dropped
                              Size (bytes):274474
                              Entropy (8bit):7.843290819622709
                              Encrypted:false
                              SSDEEP:6144:nJleRNRyAnAqNaADEJHeeeeevoAuaiqwV6sg0pUjRVgYgI:nJleRNRpN0j3qhjRC9I
                              MD5:24B9DEE2469F9CC8EC39D5BDB3901500
                              SHA1:4F7EED05B8F0EEA7BCDC8F8F7AAEB1925CE7B144
                              SHA-256:48122294B5C08C69B7FE1DB28904969DCB6EDC9AA5076E3F8768BF48B76204D0
                              SHA-512:D23CE2623DE400216D249602486F21F66398B75196E80E447143D058A07438919A78AE0ED2DDF8E80D20BD70A635D51C9FB300E9F08A4751E00CD21883B88693
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Microsoft color profile 2.1, type Lino, RGB/XYZ-mntr device, IEC/sRGB model by HP, 3144 bytes, 9-2-1998 6:49:00 "sRGB IEC61966-2.1"
                              Category:dropped
                              Size (bytes):3144
                              Entropy (8bit):7.026867070945169
                              Encrypted:false
                              SSDEEP:48:+FflsXlf/lulel4wlwx+6MjnNsvIYWiR5QkyTJbZPHXZ9u6gbVwyKzJgWjU:aN26MT0D5MdtbZPAVwzV0
                              MD5:1D3FDA2EDB4A89AB60A23C5F7C7D81DD
                              SHA1:9EAEA0911D89D63E39E95F2E2116EAEC7E0BB91E
                              SHA-256:2B3AA1645779A9E634744FAF9B01E9102B0C9B88FD6DECED7934DF86B949AF7E
                              SHA-512:16AAE81ACF757036634B40FB8B638D3EBA89A0906C7F95BD915BC3579E3BE38C7549EE4CD3F344EF0A17834FF041F875B9370230042D20B377C562952C47509B
                              Malicious:false
                              Preview:...HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._.....
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):5824
                              Entropy (8bit):5.074440246603207
                              Encrypted:false
                              SSDEEP:96:6M5VfH+uEMmPDkZeujdJfZUB8BB/+PhPXsOQ71GAXf5lZuU1EbWF7Ycx/AQ12a8T:6M6p4ZeWd1ZUB8BBGPhPXsOQ71GAXBly
                              MD5:95AE170D90764B3F5E68C72E8C518DDC
                              SHA1:1939B699D16A5DB3E3F905466222099D7C29285A
                              SHA-256:A2B31E9CBCEAB296A5E1CF056EFD953CED23B888CD929B0BBE6EB6B53D2BF861
                              SHA-512:87E970BEAC8141C757D622FC8B6D84FE173EA4B134AFD8E2F979714C1110C3D92F3CE5F2B9DC74804DD37D13AB2A0EDF0FCA242F61CF8ED065AE81B7331F8816
                              Malicious:false
                              Preview:#sun.net.www MIME content-types table..#..# Property fields:..#..# <description> ::= 'description' '=' <descriptive string>..# <extensions> ::= 'file_extensions' '=' <comma-delimited list, include '.'>..# <image> ::= 'icon' '=' <filename of icon image>..# <action> ::= 'browser' | 'application' | 'save' | 'unknown'..# <application> ::= 'application' '=' <command line template>..#....#..# The "we don't know anything about this data" type(s)...# Used internally to mark unrecognized types...#..content/unknown: description=Unknown Content..unknown/unknown: description=Unknown Data Type....#..# The template we should use for temporary files when launching an application..# to view a document of given type...#..temp.file.template: c:\\temp\\%s....#..# The "real" types...#..application/octet-stream: \...description=Generic Binary Stream;\...file_extensions=.saveme,.dump,.hqx,.arc,.obj,.lib,.bin,.exe,.zip,.gz....application/oda: \...description=ODA Document;\...file_extens
                              Process:C:\Users\Public\123.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4122
                              Entropy (8bit):3.2585384283455134
                              Encrypted:false
                              SSDEEP:48:BlWxFFGFSupi94blATFxjGph5vLC6/w37ZXQTbVm/eVzOBJ:BlWJEi94blAT+ph5vLkApmGqr
                              MD5:F6258230B51220609A60AA6BA70D68F3
                              SHA1:B5B95DD1DDCD3A433DB14976E3B7F92664043536
                              SHA-256:22458853DA2415F7775652A7F57BB6665F83A9AE9FB8BD3CF05E29AAC24C8441
                              SHA-512:B2DFCFDEBF9596F2BB05F021A24335F1EB2A094DCA02B2D7DD1B7C871D5EECDA7D50DA7943B9F85EDB5E92D9BE6B6ADFD24673CE816DF3960E4D68C7F894563F
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):2282861
                              Entropy (8bit):7.951223313727943
                              Encrypted:false
                              SSDEEP:49152:ABSxAmHHJwEu4l3Dyz7oQHeNHJJ2aAvfZc:ABEtHHaEuI3Dy3oQH2pFAvW
                              MD5:2388C4C8D5F95E0379A8997C7C2492F4
                              SHA1:906BF87EB1D8881ABADBF93A3C4BBA7887CA2A01
                              SHA-256:A1FD508EACF76645EB0885B243B5DD14239F1E039E8B53ED038226DF91A30539
                              SHA-512:2CCE11A5F97DF842964B55408FCF1EC84C0CD561E664ABA3A51275EAFE59D7C920FCFD954C527DA4D53ACB191200CC64BF8150A33BCB9B038F36ADB2CC69B1A1
                              Malicious:false
                              Preview:PK...........H................META-INF/....PK...........H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/oracle/PK...........H................com/oracle/deploy/PK...........H................com/oracle/deploy/update/PK...........H................com/sun/PK...........H................com/sun/applet2/PK...........H................com/sun/applet2/preloader/PK...........H............ ...com/sun/applet2/preloader/event/PK...........H................com/sun/deploy/PK...........H................com/sun/deploy/appcontext/PK...........H................com/sun/deploy/association/PK...........H............#...com/sun/deploy/association/utility/PK...........H................com/sun/deploy/cache/PK...........H................com/sun/deploy/config/PK...........H................com/sun/deploy/jardiff/PK...........H................com/sun/deploy/model/PK.....
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                              Category:dropped
                              Size (bytes):14156
                              Entropy (8bit):5.649187440261259
                              Encrypted:false
                              SSDEEP:48:E84SHTDIbZI+R9ufdITe3MPu20DguN9P5YOinvYrJJ0JKP/U8HtK8NJO8lJi8VJb:kld6uQZ9P5dTC7IjZUkPmpaemFqKs8n
                              MD5:91052ADB799AEF68EA76931997C40CE4
                              SHA1:19255B8E335C22A171C26148099191708C99EE7A
                              SHA-256:61D1382375238F90E2E4EE2AF985D978F1409E01B38080E710DF4ACB2897E63B
                              SHA-512:39BAA49A1CEF533E5D3FFF1A86BC72CB346A6BF1928A9D8B505EBA09A4AB1506400234DE78BDFD925821F0A690B8887BD004A18CC64337DEB666CC2509DEE5DA
                              Malicious:false
                              Preview:PK........$..H............'...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/UT....GjW.GjWux.............PK........#..H................{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/UT....GjW.GjWux.............PK........#..H............6...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/UT....GjW.GjWux.............PK........#..H............>...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/UT....GjW.GjWux.............PK........#..H...V........H...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/ffjcext.jsUT....GjW.GjWux.............const gJavaConsole1_8_0_101 = {...id.: "javaconsole1.8.0_101",...mimeType: "application/x-java-applet;jpi-version=1.8.0_101",...install.: function() {...window.addEventListener("load",this.init,false);..},...init.: function() { ...if (navigator.mimeTypes[gJavaConsole1_8_0_101.mimeType]) {....var toolsPopup = document.getElementById("menu_ToolsPopup");.....toolsPopup.addEventListener("popupshowing",gJavaConsole1_8_0_101.enable,false)
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):2917
                              Entropy (8bit):4.838706790124659
                              Encrypted:false
                              SSDEEP:48:KaDMJ9TmsHDmDDCDP2un8YzgKe1E13Tstub22tTeF/Qi/WRtAXikTzgaENZzT3JI:KaD+9TmAe29vBotubbt2Oz+ENlbJI
                              MD5:2EB9117D147BAA0578E4000DA9B29E12
                              SHA1:3D297ECF3D280D4AA3D1423E885994495243F326
                              SHA-256:B8D9C69FF7F4832A9B365D4A43CF66DFF9847051752B13EEDF024CAA9C1EF46B
                              SHA-512:C3F7730767941B3C8F6F53D4686E9F898D1907D978F6D1FA35BA02C3FCD8306335406A5F9ABAA844F27F7AFD9E548810BECB9EC3E6B84888EA5EAC57B6ED6FDB
                              Malicious:false
                              Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internal error, unknown message..error.badinst.nojre=Bad installation. No JRE found in configuration file..error.launch.execv=Error encountered while invoking Java Web Start (execv)..error.launch.sysexec=Error encountered while invoking Java Web Start (SysExec) ..error.listener.failed=Splash: sysCreateListenerSocket failed..error.accept.failed=Splash: accept failed..error.recv.failed=Splash: recv failed..error.invalid.port=Splash: didn't revive a valid port..error.read=Read past end of buffer..error.xmlparsing=XML Parsing error: wrong kind of token found..error.splash.exit=Java Web Start splash screen process exiting .....\n..# "Last WinSock Error" means the error message for the last operation that failed...error.winsock=\tLast WinSock Error: ..error.winsock.load=Couldn't load winsock.dll..error.winsock.start
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with very long lines (1345), with CRLF line terminators
                              Category:dropped
                              Size (bytes):3338
                              Entropy (8bit):4.919780187496773
                              Encrypted:false
                              SSDEEP:48:WvaqyL1nlrDtzh5+VN9JrnjXyv6jq/YgKe1h/KZkCUdr5pAvA1t2CPTOsdIamy:txrj5Snk6+wuir25pAvAv2ITOsd9
                              MD5:FF9CFEE1ACFCD927253A6E35673F1BB7
                              SHA1:957E6609A1AF6D06A45A6F7B278BE7625807B909
                              SHA-256:E130FBD5FA378A380F46F42981F2C97BC152059C27120204AB4DA47079D31513
                              SHA-512:F42601092436D7AF30CCD81126185232D9D643B195D3D4619AEC451E3E2A60E33E6378E770DD1A4CDF7AB20CB749371665A992CA73D2842A7102F3FB34B6B9EB
                              Malicious:false
                              Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=interner Fehler, unbekannte Meldung..error.badinst.nojre=Ung\u00FCltige Installation. Keine JRE in Konfigurationsdatei gefunden..error.launch.execv=Fehler beim Aufrufen von Java Web Start (execv) aufgetreten..error.launch.sysexec=Fehler beim Aufrufen von Java Web Start (SysExec) aufgetreten..error.listener.failed=Startbildschirm: sysCreateListenerSocket nicht erfolgreich..error.accept.failed=Startbildschirm: accept nicht erfolgreich..error.recv.failed=Startbildschirm: recv nicht erfolgreich..error.invalid.port=Startbildschirm: Reaktivierung eines g\u00FCltigen Ports nicht m\u00F6glich..error.read=\u00DCber Pufferende hinaus gelesen..error.xmlparsing=XML-Parsefehler: Falscher Tokentyp gefunden..error.splash.exit=Prozess f\u00FCr Startbildschirm von Java Web Start wird beendet.....\n..# "Last WinSock Error" mean
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with very long lines (1475), with CRLF line terminators
                              Category:dropped
                              Size (bytes):3632
                              Entropy (8bit):4.776451902180833
                              Encrypted:false
                              SSDEEP:96:KHelXJn5woLUosi30hrleaRSfvlBY0CQ1Z:KHelNTAxFtlE/71Z
                              MD5:72BDAE07C5D619E5849A97ACC6A1090F
                              SHA1:9FC8A7A29658AC23A30AB9D655117BB79D08DC3B
                              SHA-256:821A3452ECB9F29BCEC16C0B39FB668C2CC30C7F7283B34BFC5400040723892B
                              SHA-512:67F0D1D60012B5598864B68612AA488AF1B5876FF5F347CD98ABCF1E3C0D267CF0354D5085BF12B0A09C6EF124FD0117CD16FCC032DA2B195D45BAB19740BB78
                              Malicious:false
                              Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=Error interno, mensaje desconocido..error.badinst.nojre=Instalaci\u00F3n incorrecta. No se ha encontrado JRE en el archivo de configuraci\u00F3n..error.launch.execv=Se ha encontrado un error al llamar a Java Web Start (execv)..error.launch.sysexec=Se ha encontrado un error al llamar a Java Web Start (SysExec) ..error.listener.failed=Pantalla de Presentaci\u00F3n: fallo de sysCreateListenerSocket..error.accept.failed=Pantalla de Presentaci\u00F3n: fallo de accept..error.recv.failed=Pantalla de Presentaci\u00F3n: fallo de recv..error.invalid.port=Pantalla de Presentaci\u00F3n: no se ha activado un puerto v\u00E1lido..error.read=Lectura m\u00E1s all\u00E1 del final del buffer..error.xmlparsing=Error de an\u00E1lisis de XML: se ha encontrado un tipo de token no v\u00E1lido..error.splash.exit=Saliendo del proceso d
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with very long lines (1575), with CRLF line terminators
                              Category:dropped
                              Size (bytes):3441
                              Entropy (8bit):4.832330268062187
                              Encrypted:false
                              SSDEEP:48:KE2CXpRLJDNXQC6tNaEGBlu9hUv5//zEvDiwkISAyHgKe1p6KF/uoYuh1LNRtS0f:KERXlp6tN1VHq1Kt1S4x8Xi
                              MD5:FFE3CC16616314296C3262B0A0E093CD
                              SHA1:198DD1C6E6707C10AE74A1C42E8A91C429598F3B
                              SHA-256:3941736BEF6A8E53D002B6B67ECE4793C2F3F34BCC1ECB271684EB3F73FC4103
                              SHA-512:CD3A9329F405CA14E11CDBB74D467B31A31530CBF00537B16FB23AEBC6C07EB268E9624FDBC997AA0CF4852DAC288E1D011E2FC392D71E25DBDF52E359BA9D4E
                              Malicious:false
                              Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erreur interne, message inconnu..error.badinst.nojre=Installation incorrecte. JRE introuvable dans le fichier de configuration..error.launch.execv=Erreur lors de l'appel de Java Web Start (execv)..error.launch.sysexec=Erreur lors de l'appel de Java Web Start (SysExec) ..error.listener.failed=Accueil : \u00E9chec de sysCreateListenerSocket..error.accept.failed=Accueil : \u00E9chec d'accept..error.recv.failed=Accueil : \u00E9chec de recv..error.invalid.port=Accueil : impossible de r\u00E9activer un port valide..error.read=Lecture apr\u00E8s la fin de tampon..error.xmlparsing=Erreur d'analyse XML : type incorrect de jeton..error.splash.exit=Le processus d'affichage de l'\u00E9cran d'accueil de Java Web Start est en cours de fermeture...\n..# "Last WinSock Error" means the error message for the last operation that
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with very long lines (1392), with CRLF line terminators
                              Category:dropped
                              Size (bytes):3255
                              Entropy (8bit):4.7050139579578145
                              Encrypted:false
                              SSDEEP:48:KTi+qOaVUVVMsD/B0FN5+eADELDHxhdpHgKe1uo265eLaqMQ6URhmwgFs+ur60:KJBa2VtzeDLDRhd5A26+7RhZgR0
                              MD5:BF5E5310B2DCF8E8B3697B358AD4446D
                              SHA1:C746AC1F46F607FA8F971BEA2B6853746A4FB28D
                              SHA-256:CC9AD73957535011EE2376C23DE2C2597F877ACEBA9173E822EE79AAD3C4E9E6
                              SHA-512:B6C61D38B0ACC427B9B2F4C19DABD7EACBE8EEA6B973FD31B3555C4C5B3FFAF1CA036B730359346F57223B44CCE79E04A6D06BBC13C6F7DD26ED463776BB6DCC
                              Malicious:false
                              Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=errore interno, messaggio sconosciuto..error.badinst.nojre=Installazione errata. Impossibile trovare il JRE nel file di configurazione..error.launch.execv=Errore durante la chiamata di Java Web Start (execv)..error.launch.sysexec=Errore durante la chiamata di Java Web Start (SysExec) ..error.listener.failed=Apertura: sysCreateListenerSocket non riuscito..error.accept.failed=Apertura: accept non riuscito..error.recv.failed=Apertura: recv non riuscito..error.invalid.port=Apertura: impossibile identificare una porta valida..error.read=Tentativo di lettura dopo la fine del buffer..error.xmlparsing=Errore durante l'analisi XML: trovato un tipo di token errato..error.splash.exit=Uscita dal processo di schermata iniziale di Java Web Start in corso...\n..# "Last WinSock Error" means the error message for the last oper
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with very long lines (2924), with CRLF line terminators
                              Category:dropped
                              Size (bytes):6381
                              Entropy (8bit):4.5983590678211135
                              Encrypted:false
                              SSDEEP:96:Mu7cepcgD8do+O2D+k8/RJFGQcHGqo72hzEflA44CAmIbIC3j5pN/o8woJe:PctgYqhTYzG2O
                              MD5:D830FC76BDD1975010ECE4C5369DADF8
                              SHA1:D8CC3F54325142EFA740026E2BC623AFE6F3ACB5
                              SHA-256:11E886336BA51A9044AB1A87C60CEEE34C29BB724E06A16968D31531A7001064
                              SHA-512:7B867A50A811FBD7FFDAD0B729CA4501E16386EE5C4940A4CF9A805767CC0D10F7E3BDFD6A60204D79292D778D93E3BD915368AC0E9453BBB1010ADFD9655F0F
                              Malicious:false
                              Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u30A8\u30E9\u30FC\u3001\u4E0D\u660E\u306A\u30E1\u30C3\u30BB\u30FC\u30B8..error.badinst.nojre=\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u304C\u6B63\u3057\u304F\u3042\u308A\u307E\u305B\u3093\u3002\u69CB\u6210\u30D5\u30A1\u30A4\u30EB\u5185\u306BJRE\u304C\u3042\u308A\u307E\u305B\u3093..error.launch.execv=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(execv)..error.launch.sysexec=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(SysExec) ..error.listener.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: sysCreateListenerSocket\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.accept.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: accept\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.recv.fai
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with very long lines (2601), with CRLF line terminators
                              Category:dropped
                              Size (bytes):5744
                              Entropy (8bit):4.781504394194986
                              Encrypted:false
                              SSDEEP:96:GhymCk3kjLqgz9RkfrsEW/p9M32i0HkZr+ywc8b8+/moD7yct070DL70Dm:Dm5kLfIErMbT/44in
                              MD5:64DE22212EE92F29BCA3ACED72737254
                              SHA1:C4DBC247043578CCF9CD8DAB652D096703D5B26E
                              SHA-256:292696C94D5FD0BF2FF4AF9E4D363BFCBE888D2E65BD18A20CF71081FB1C9B0D
                              SHA-512:CA33C75B66D8B5316B1C3ED41A9A14DD8611A3BB9B26EFDC7F468250696D515CF1E966831975C9ABDC33E9A1C59167FE79BA547592D2A04997E1342433E7B628
                              Malicious:false
                              Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\uB0B4\uBD80 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. \uC54C \uC218 \uC5C6\uB294 \uBA54\uC2DC\uC9C0\uC785\uB2C8\uB2E4...error.badinst.nojre=\uC124\uCE58\uAC00 \uC798\uBABB\uB418\uC5C8\uC2B5\uB2C8\uB2E4. \uAD6C\uC131 \uD30C\uC77C\uC5D0\uC11C JRE\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4...error.launch.execv=Java Web Start(execv)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4...error.launch.sysexec=Java Web Start(SysExec)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. ..error.listener.failed=\uC2A4\uD50C\uB798\uC2DC: sysCreateListenerSocket\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.accept.failed=\uC2A4\uD50C\uB798\uC2DC: \uC2B9\uC778\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.r
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with very long lines (1319), with CRLF line terminators
                              Category:dropped
                              Size (bytes):3317
                              Entropy (8bit):4.869662880084367
                              Encrypted:false
                              SSDEEP:48:3c6BeKTDcUsLYg9tStwmx+supWBxKy0HgKe1u6K0NCMc6MTNTjtA7NZdlw7ZHAW:3c6fbEf1mxPuUBxKy4va+mZdlw7Z7
                              MD5:4078691AB22C4F0664856BE0C024A52F
                              SHA1:6247FC05DE429F65DC4E1356C4715DC51F43B98F
                              SHA-256:6869B27B12B99C9D169B3E018284BE0F7631DBDF2DDD5F4EA5B1A458736FDFDF
                              SHA-512:BB02765F69E23C732C790EB994800C83BB8EFE7FF8CE0BCDC475EC5A29CEF5A33A5513AB1A7DC9F0F066B807A0980C41EC0037710873A32BD2952DBED79D24CA
                              Malicious:false
                              Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erro interno, mensagem desconhecida..error.badinst.nojre=Instala\u00E7\u00E3o incorreta. Nenhum JRE encontrado no arquivo de configura\u00E7\u00E3o..error.launch.execv=Erro encontrado ao chamar Java Web Start (execv)..error.launch.sysexec=Erro encontrado ao chamar Java Web Start (SysExec) ..error.listener.failed=Tela Inicial: falha em sysCreateListenerSocket..error.accept.failed=Tela Inicial: falha na fun\u00E7\u00E3o accept..error.recv.failed=Tela Inicial: falha na fun\u00E7\u00E3o recv..error.invalid.port=Tela Inicial: n\u00E3o reativou uma porta v\u00E1lida..error.read=Ler ap\u00F3s o final do buffer..error.xmlparsing=Erro durante o parsing de XML: tipo incorreto de token encontrado..error.splash.exit=Saindo do processamento da tela inicial do Java Web .....\n..# "Last WinSock Error" means the error message
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with very long lines (1386), with CRLF line terminators
                              Category:dropped
                              Size (bytes):3441
                              Entropy (8bit):4.927824210480987
                              Encrypted:false
                              SSDEEP:96:KYD1QNsQZ/lmo8ZuLgdBGpv3JRJ/7coh91XlK7Q/vm2QAfO:9D1+sCmapce1KGm2QIO
                              MD5:81BBDEA4DC9803A6EB78CE7D5CA018ED
                              SHA1:9AAF012276AD89CE7273CF5F0BE4C95B72D906AB
                              SHA-256:565B8FF1F31784378884D9D7468FFDFDDA5B001ACB5BB393A5006AC19BE4E67A
                              SHA-512:310017DD27C91C492188737494DA04CAB241D0BF4E91326AFB4A3F98CBFF78A6C0BBC14EC7E883597E9D506FAA80BA4E9A25B5F46BFD2543850323061E829A84
                              Malicious:false
                              Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internt fel, ok\u00E4nt meddelande..error.badinst.nojre=Felaktig installation. Ingen JRE har hittats i konfigurationsfilen..error.launch.execv=Ett fel intr\u00E4ffade under starten av Java Web Start (execv)..error.launch.sysexec=Ett fel intr\u00E4ffade under starten av Java Web Start (SysExec) ..error.listener.failed=V\u00E4lkomstsk\u00E4rm: sysCreateListenerSocket utf\u00F6rdes inte..error.accept.failed=V\u00E4lkomstsk\u00E4rm: kunde inte accepteras..error.recv.failed=V\u00E4lkomstsk\u00E4rm: kunde inte mottaga..error.invalid.port=V\u00E4lkomstsk\u00E4rm: \u00E5terskapade inte en giltig port..error.read=L\u00E4ste f\u00F6rbi slutet av bufferten..error.xmlparsing=XML-tolkningsfel: fel typ av igenk\u00E4nningstecken hittades..error.splash.exit=Java Web Start - v\u00E4lkomstsk\u00E4rmen avslutas .....\n..# "Last
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with very long lines (1857), with CRLF line terminators
                              Category:dropped
                              Size (bytes):4104
                              Entropy (8bit):5.04197285715923
                              Encrypted:false
                              SSDEEP:96:Me7R8zl0Zf4z3X4Gv2hEpeStEKADydYL1WfK0eSm91j7:1R8pOfWHJvOJT1WPtK1j7
                              MD5:823D1F655440C3912DD1F965A23363FC
                              SHA1:50B941A38B9C5F565F893E1E0824F7619F51185C
                              SHA-256:86663DED105B77261C0556468A93BC8666A094B918299A61AF0A8E30F42019C7
                              SHA-512:1EBF989D2121CF05FFC912B9B228C4D4523763EB1A689EC74568D811C88DCF11032FFC8007BB24DAF7D079B580662B77D94B4B8D71A2E891EF27979FF32CD727
                              Malicious:false
                              Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u9519\u8BEF, \u672A\u77E5\u6D88\u606F..error.badinst.nojre=\u9519\u8BEF\u5B89\u88C5\u3002\u914D\u7F6E\u6587\u4EF6\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u8C03\u7528 Java Web Start (execv) \u65F6\u9047\u5230\u9519\u8BEF..error.launch.sysexec=\u8C03\u7528 Java Web Start (SysExec) \u65F6\u9047\u5230\u9519\u8BEF..error.listener.failed=\u542F\u52A8\u5C4F\u5E55: sysCreateListenerSocket \u5931\u8D25..error.accept.failed=\u542F\u52A8\u5C4F\u5E55: \u63A5\u53D7\u5931\u8D25..error.recv.failed=\u542F\u52A8\u5C4F\u5E55: recv \u5931\u8D25..error.invalid.port=\u542F\u52A8\u5C4F\u5E55: \u672A\u6062\u590D\u6709\u6548\u7AEF\u53E3..error.read=\u8BFB\u53D6\u8D85\u51FA\u7F13\u51B2\u533A\u7ED3\u5C3E..error.xmlparsing=XML \u89E3\u6790\u9519\u8BEF: \u53D1\u73B0\u9519\u8BEF\u7684\u6807\u8BB0\u7C7B\u578B..error.s
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with very long lines (1729), with CRLF line terminators
                              Category:dropped
                              Size (bytes):3784
                              Entropy (8bit):5.17620120701776
                              Encrypted:false
                              SSDEEP:96:wMWzQq8x9i7zO/JOFtUtQzy+gawZFomWdYQCfQ/ydQCyA:LWzQqms7S/JDtQcJoHWQaQ/6QCH
                              MD5:4287D97616F708E0A258BE0141504BEB
                              SHA1:5D2110CABBBC0F83A89AEC60A6B37F5F5AD3163E
                              SHA-256:479DC754BD7BFF2C9C35D2E308B138EEF2A1A94CF4F0FC6CCD529DF02C877DC7
                              SHA-512:F273F8D501C5D29422257733624B5193234635BD24B444874E38D8D823D728D935B176579D5D1203451C0CE377C57ED7EB3A9CE9ADCB3BB591024C3B7EE78DCD
                              Malicious:false
                              Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F..error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4..error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4..error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557..error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557..error.recv.failed=Splash: recv \u5931\u6557..error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9..error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E..error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E..error.splash.exit=Java Web Start \u9583\u73FE\u87A2
                              Process:C:\Users\Public\123.exe
                              File Type:GIF image data, version 89a, 320 x 139
                              Category:dropped
                              Size (bytes):8590
                              Entropy (8bit):7.910688771816331
                              Encrypted:false
                              SSDEEP:192:91m4OqvVyG+LMIcBc2qPjHmxJCCG/h97dIYhOX:9/OqdivcqzjH3tfDE
                              MD5:249053609EAF5B17DDD42149FC24C469
                              SHA1:20E7AEC75F6D036D504277542E507EB7DC24AAE8
                              SHA-256:113B01304EBBF3CC729A5CA3452DDA2093BD8B3DDC2BA29E5E1C1605661F90BE
                              SHA-512:9C04A20E2FA70E4BCFAC729E366A0802F6F5167EA49475C2157C8E2741C4E4B8452D14C75F67906359C12F1514F9FB7E9AF8E736392AC8434F0A5811F7DDE0CB
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:GIF image data, version 89a, 640 x 278
                              Category:dropped
                              Size (bytes):15276
                              Entropy (8bit):7.949850025334252
                              Encrypted:false
                              SSDEEP:192:onqkbSDLFgIBL0IgyZCE/oIuuemXclVO/HemZ8GbRdziHm6tIclW3ZYvvebtssZn:lKMLWkpgy8sdsnOmEyPLaYoauAdI
                              MD5:CB81FED291361D1DD745202659857B1B
                              SHA1:0AE4A5BDA2A6D628FAC51462390B503C99509FDC
                              SHA-256:9DD5CCD6BDFDAAD38F7D05A14661108E629FDD207FC7776268B566F7941E1435
                              SHA-512:4A383107AC2D642F4EB63EE7E7E85A8E2F63C67B41CA55EBAE56B52CECFE8A301AAF14E6536553CBC3651519DB5C10FC66588C84C9840D496F5AE980EF2ED2B9
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:GIF image data, version 89a, 320 x 139
                              Category:dropped
                              Size (bytes):7805
                              Entropy (8bit):7.877495465139721
                              Encrypted:false
                              SSDEEP:96:S88k2wenvMs3iHrSI3yy73VWOcaJpGvrrXqJBcqgbf5bD0jmzDBoqCN2IWsyh:SFHhs73n73V4airrXq41Ll3vBmN2YU
                              MD5:9E8F541E6CEBA93C12D272840CC555F8
                              SHA1:8DEF364E07F40142822DF84B5BB4F50846CB5E4E
                              SHA-256:C5578AC349105DE51C1E9109D22C7843AAB525C951E312700C73D5FD427281B9
                              SHA-512:2AB06CAE68DEC9D92B66288466F24CC25505AF954FA038748D6F294D1CFFB72FCC7C07BA8928001D6C487D1BF71FE0AF1B1AA0F35120E5F6B1B2C209BA596CE2
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:GIF image data, version 89a, 640 x 278
                              Category:dropped
                              Size (bytes):12250
                              Entropy (8bit):7.901446927123525
                              Encrypted:false
                              SSDEEP:192:Zzv4QPei/ueMFJ2M4xSGb/xGEyddpTa7Kv9I1BDc3KR3q6xmwJePYueHjAPZKGMr:5vTWvmxSGbkpTaYe1dc3KR3q7wJsOHmu
                              MD5:3FE2013854A5BDAA488A6D7208D5DDD3
                              SHA1:D2BFF9BBF7920CA743B81A0EE23B0719B4D057CA
                              SHA-256:FC39D09D187739E580E47569556DE0D19AF28B53DF5372C7E0538FD26EDB7988
                              SHA-512:E3048E8E0C22F6B200E5275477309083AA0435C0F33D1994C10CE65A52F357EE7CF7081F85C00876F438DFA1EE59B542D602287EC02EA340BFDF90C0C6ABD548
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):187736
                              Entropy (8bit):7.79606817499301
                              Encrypted:false
                              SSDEEP:3072:9Mxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBgvH6:ONduOJv29amxGiDtonI87aGBgva
                              MD5:13794986CA59819F6AF7BD70022D7F8F
                              SHA1:6C5609CD023EB001DC82F1E989D535CD7AD407EE
                              SHA-256:AF555DD438214DCD68D55EBDDCC0A05BF47DEF0EFD9920E3955D11CC2623628E
                              SHA-512:2E3C4E76FD911EFF5F6983D6D7FBB0F998E5FB0BFE11921A83AC9F19BFB0C28B157354F1AC790094C354845025AB42F5A921FDDF2A780497431F3912D7D3E518
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):187727
                              Entropy (8bit):7.7958934328326075
                              Encrypted:false
                              SSDEEP:3072:aMxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBPlHl:nNduOJv29amxGiDtonI87aGBPlF
                              MD5:82C16750374D5CCA5FDAA9434BAF8143
                              SHA1:9B49F07BFB6F4AE73EB9B2FADCAE46E02E31F023
                              SHA-256:1F0966EBD65544669395E9F490A3D397DCF122D5261566734BB422C68CFE64B8
                              SHA-512:12A32FBE2A0A824EC33BD6D0A22066C0CB74D13EEBC16622FFE420CD48B4EB5878C981384DEBE30285D6231B3224E5CD2380C22D8C18624E52E5C74B62221661
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):3860522
                              Entropy (8bit):7.9670916513081735
                              Encrypted:false
                              SSDEEP:98304:PI1SwP9utPgTIb0bxSxwF1nNZVdEILeH9IIyYNO4Inwz:PI1HYgkoxSxI9fs4UVIwz
                              MD5:AE86774D28F1C8270A9BCBD12A9A1865
                              SHA1:7806C70550F435C2C87D2D15E427E5A9F97774E4
                              SHA-256:0402FBCB23D381DEDE4DF4228F2D100D8693C5B3BAB885AB5EB98BCC0A269786
                              SHA-512:2EA1E0372A087915FFFCCA2DEFC817C37BD038B02824BFEC1DA4E881A4C908A93AEB37DAA38840F75BCEAFD02EC09088FE648B0305DA0407E93407EAC770BE63
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):8286
                              Entropy (8bit):7.790619326925194
                              Encrypted:false
                              SSDEEP:192:tX5jIgU7WbMCc0XmHTEIWB7EH+mqcEb+wYtvEmkbKdG:tXZU7WbMoWTFWBAH+BCrEmkh
                              MD5:7FA7F97FA1CC0CC8ACC37B9DAE4464AE
                              SHA1:C143646A6DBE2EBDB1FBF69C09793E7F07DBC1F5
                              SHA-256:36820223C5B9A225DC3FF7C1C3930BDB112F1D9AAB2BEE954FF1A1C1828E2C54
                              SHA-512:AD9A0E358BE7A765B4A554E6BBE35BDD61A52BCAC9F21915D84C2A1929780150DFDCF0E43121D0E844082B1BB92873ED848ACF9B38FF3C7D826E5D0F5D32C26C
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):44516
                              Entropy (8bit):7.905075370162141
                              Encrypted:false
                              SSDEEP:768:2YVL1eqfgKbWnXuZ/QvfBPJr+A6tkZQnWn109KqM9jE4z:2KL1eWgfnXuEfJQAdQnWn10kqg3z
                              MD5:1A33FF1FDD789E655D5E2E99E9E719BD
                              SHA1:AE88E6000EBD7F547E3C047FC81AE1F65016B819
                              SHA-256:A23A9A653A261C640703B42839137F8C4BF7650665E62DBDD7D538171BD72516
                              SHA-512:0451393D805414D6633824F3D18B609F7495324FAB56DF4330E874A8995BD9E0DA567D77DB682D7FD1544CD7E6A3D10745C23DB575035E391B02D6EE4C4362FD
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):18192143
                              Entropy (8bit):5.977388717447885
                              Encrypted:false
                              SSDEEP:49152:ZxJ9lXlkEhZWLyyQSgxv1/FGfnIWkRXe2p0F7tjRozGfVgMS55pU13JbL5xli3d6:ZhLk2bBSgnFGfnhAXLzAeylvi3dGT
                              MD5:042B3675517D6A637B95014523B1FD7D
                              SHA1:82161CAF5F0A4112686E4889A9E207C7BA62A880
                              SHA-256:A570F20F8410F9B1B7E093957BF0AE53CAE4731AFAEA624339AA2A897A635F22
                              SHA-512:7672D0B50A92E854D3BD3724D01084CC10A90678B768E9A627BAF761993E56A0C6C62C19155649FE9A8CEEABF845D86CBBB606554872AE789018A8B66E5A2B35
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):1178848
                              Entropy (8bit):7.964832897711047
                              Encrypted:false
                              SSDEEP:12288:qLvFVMHxMyEg7+dYmx0nqEdgq2C942bjAHcOveMdDLtHHicwqJM5SznKMWKdk/H2:cF9rYmxQ5tOcOdFwqSYzn0DfYHs4jOBK
                              MD5:24857AD811CEDA70BD0F087FD28B5B6E
                              SHA1:707305EB10B1464D40BDEABADE77B80B984A621A
                              SHA-256:321D646AD29A5B180CA98BB49E81C2C732523B7E5145A3C568766CEC06B2B1CD
                              SHA-512:A10A340BDB2DE2D0D14ED804F04313D1D4CBD64EF0513A9E54B7FA95FFB05F2123C9095A4B2BFFA4DDF3ADEA9A67E978D26D115A8F5677AE1BD0EE67C416FA5A
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1511
                              Entropy (8bit):5.142622776492157
                              Encrypted:false
                              SSDEEP:24:EV677x6CFRf08P86xX+4jz98ht4QLlJVzDOFw5DOFFVzDOFvVzDOFz5qlV/FRARV:EE796OfT0OZjzGs6lDitfitigXFqX6Kp
                              MD5:77ABE2551C7A5931B70F78962AC5A3C7
                              SHA1:A8BB53A505D7002DEF70C7A8788B9A2EA8A1D7BC
                              SHA-256:C557F0C9053301703798E01DC0F65E290B0AE69075FB49FCC0E68C14B21D87F4
                              SHA-512:9FE671380335804D4416E26C1E00CDED200687DB484F770EBBDB8631A9C769F0A449C661CB38F49C41463E822BEB5248E69FD63562C3D8C508154C5D64421935
                              Malicious:false
                              Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..! access-bridge-32.jar..com/sun/java/accessibility/..! access-bridge.jar..com/sun/java/accessibility/..! cldrdata.jar..sun/text..sun/util..# dnsns.jar..META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor..sun/net..! jaccess.jar..com/sun/java/accessibility/..# localedata.jar..sun/text..sun/util..# nashorn.jar..jdk/nashorn..META-INF/services/javax.script.ScriptEngineFactory..jdk/internal..# sunec.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunjce_provider.jar..com/sun/crypto/..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunmscapi.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunpkcs11.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# zipfs.jar..META-INF/services/java.nio.file.spi.FileSystemProvider..com/sun/nio/..# jfxrt.jar..META-INF/INDEX.LIST..com/sun
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):2018860
                              Entropy (8bit):7.9328569913001905
                              Encrypted:false
                              SSDEEP:49152:fBkB7GOrPDSz0fHaIU1KDWtHkLs0amlyYu:fBkoOruSHa/4y/FmA
                              MD5:F3E3E7769994C69DFF6E35EF938443CA
                              SHA1:758F42C0A03121AD980DC98BE82DCAF790679E79
                              SHA-256:CF0268FF39D19876BD42BF59E2CE93BB9AA57E5EE98C212BAE0184BD87F2D35A
                              SHA-512:AB4801E8538B9B84124D2B8C36E64232F16DA686C5FA565C5DE2091C910806A850464F5CCC79C9320DF6F8CB943633FC38FEA63F9E0593A44E3541F15F126951
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):39771
                              Entropy (8bit):7.92713480980539
                              Encrypted:false
                              SSDEEP:768:ah0EOq/w9b3jpSo40ROLB2CUrQbNVkJBtw6pcZWztpQeA4Uz7NWnZVNB3gX083/z:aJOyw9b3joo4hLB2CUr2yBw6pcMtpS44
                              MD5:A269905BBB9F7D02BAA24A756E7B09D7
                              SHA1:82A0F9C5CBC2B79BDB6CFE80487691E232B26F9C
                              SHA-256:E2787698D746DC25C24D3BE0FA751CEA6267F68B4E972CFC3DF4B4EAC8046245
                              SHA-512:496841CF49E2BF4EB146632F7D1F09EFA8F38AE99B93081AF4297A7D8412B444B9F066358F0C110D33FEA6AE60458355271D8FDCD9854C02EFB2023AF5F661F6
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):279427
                              Entropy (8bit):7.90277234368113
                              Encrypted:false
                              SSDEEP:3072:E/Ieog0SgEOU8pqHbQpr16jWun5bT1aReAaTFMzpx2Xcpll+PrA3YaRBlLi:E/m9eJsppCLJTURe9TFMrQ0fkUK
                              MD5:B04074A9FC78DC1409168E1E2D139647
                              SHA1:54182C904A48364FC572E3A2631DF14823C29CEF
                              SHA-256:BFAD3FB11E7115AAF34719488551BF3205B2FAFFB38681C7F6BDAD19BB7568C2
                              SHA-512:E97CA3D53E867E957BF467688F83C53B2FD6FF1EA001B19F03A23096581DC8ADCEC7C1403D164D063B1A437E4BF6FA98E1543626849D4E17E31156CB012F9599
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):32699
                              Entropy (8bit):7.878192531974338
                              Encrypted:false
                              SSDEEP:768:iLy1giOqjU0jNVmOTuDQJD/RpAczsikFfg0y+7aBTS73dyPoXvvKv2PtvHubyKhi:i4giOaU0jNVmOCADZpVsiUf3yua5S7t7
                              MD5:2249EAC4F859C7BC578AFD2F7B771249
                              SHA1:76BA0E08C6B3DF9FB1551F00189323DAC8FC818C
                              SHA-256:A0719CAE8271F918C8613FEB92A7591D0A6E7D04266F62144B2EAB7844D00C75
                              SHA-512:DB5415BC542F4910166163F9BA34BC33AF1D114A73D852B143B2C3E28F59270827006693D6DF460523E26516CAB351D2EE3F944D715AE86CD12D926D09F92454
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):250826
                              Entropy (8bit):7.951088517189604
                              Encrypted:false
                              SSDEEP:6144:dKtThM4XbBG7v3jUAbE0MEIynrI25ENN/kv1Pv:dKphM4X1G7PjlbE0MxHLbC
                              MD5:2E33D8F1FBEB9239C6FFC0D36DE772D1
                              SHA1:3F881E3B34693A96CD3D9E20D6AEABAE98757359
                              SHA-256:938C497E97E893D0B9325522475AD9FB2C365A4AF832ED180B570C3E4E6FD559
                              SHA-512:DB9A5B0F269BBFC9CB712D8BF170414D649CD72F0DEECCDC3A4D742430E2E29E203F7E462D2DF8F9EC2C82723A8A56FF8FD409CDCBE66547C798B15370B8DB65
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):68923
                              Entropy (8bit):7.950933538093809
                              Encrypted:false
                              SSDEEP:1536:YNSe2yN5DbD630l1MIeEfqjGWb2LU2j6rnbisZp/u:Ne2yNhDVl1leEP/qn2sZk
                              MD5:4D507E8D7BBF5ECEC8791CBA57B1CE17
                              SHA1:A66C0D4648A06B9078252D090D596C91C591AA50
                              SHA-256:C3993DF765AFF1068A656B28A7A4EDFFE7710AE3B6AA2EA056A6F9C3EDBDC210
                              SHA-512:21B4E729B16947B31657DC5F7F5C75DCDA9F94B4A0ED414E11A6D02951137AC266D605855DDDA7C21BE0200EA07530962D1ECE2FAE009EAE5F2A1A365195C995
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):4005
                              Entropy (8bit):4.909684349537555
                              Encrypted:false
                              SSDEEP:96:5Th0S7zmtRUioj/DUXBZZjM8mcWoe+YfVktH:5h0Iz6Uioj/YXLZjnmdoeDktH
                              MD5:B0CE9F297D3FEC6325C0C784072908F1
                              SHA1:DD778A0E5417B9B97187215FFC66D4C14F95FEF0
                              SHA-256:6DA00C1CBE02909DCD6A75DA51D25DBF49BFD1D779C0B8E57B12E757229FC4A8
                              SHA-512:4C774BCB9ADE996569C86DD46B3BDB046771AD1BCF9AABB9DB86854C83E18015CBE5DF73DA86EE98E26BA0393F548B1CC09DE60BDA4248EACC4FC833E23B8AB4
                              Malicious:false
                              Preview:#..# This properties file is used to initialize the default..# java.awt.datatransfer.SystemFlavorMap. It contains the Win32 platform-..# specific, default mappings between common Win32 Clipboard atoms and platform-..# independent MIME type strings, which will be converted into..# java.awt.datatransfer.DataFlavors...#..# These default mappings may be augmented by specifying the..#..# AWT.DnD.flavorMapFileURL ..#..# property in the appropriate awt.properties file. The specified properties URL..# will be loaded into the SystemFlavorMap...#..# The standard format is:..#..# <native>=<MIME type>..#..# <native> should be a string identifier that the native platform will..# recognize as a valid data format. <MIME type> should specify both a MIME..# primary type and a MIME subtype separated by a '/'. The MIME type may include..# parameters, where each parameter is a key/value pair separated by '=', and..# where each parameter to the MIME type is separated by a ';'...#..# Because SystemFla
                              Process:C:\Users\Public\123.exe
                              File Type:raw G3 (Group 3) FAX
                              Category:dropped
                              Size (bytes):3670
                              Entropy (8bit):4.40570512634857
                              Encrypted:false
                              SSDEEP:96:IRsY7hGbXWvaBKvKY5csW4BxciETBT5Bxrws+LW/B56JF:At/vaBKvKY5fxci8jMWY
                              MD5:E0E5428560288E685DBFFC0D2776D4A6
                              SHA1:2AE70624762C163C8A1533F724AA5A511D8B208E
                              SHA-256:AAE23ACC42F217A63D675F930D077939765B97E9C528B5659842515CA975111F
                              SHA-512:C726CC2898399579AFA70ACACE86BEC4369D4541112243E51721568B4D25DCC6C66FA64AC475AFF9BA9DE07A630B24A9F221FA00426AD36845203BA809219E3C
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):10779
                              Entropy (8bit):5.217016051711063
                              Encrypted:false
                              SSDEEP:192:Pj2TlKg7RzPc/mOHUFN5HX/rS8QbWZjjfVpMbtxp8lcR9NN:Pj6Y8NcFzXbWZjj9pSMlcz
                              MD5:0C1DB7410938A3634BD9928BA2F284CB
                              SHA1:7EE31F22136E73A2A3D0AAB279199778BAAB06F5
                              SHA-256:818A718788E5506EBB84F26DE82B6C60E08861876400E9ED3931346174D5D7FB
                              SHA-512:EE267E59564A077713856A307382D40D0D8DF8E7EC2EF930723B076F5E38446D3B2600D10AC192262F9A3A86D9973CF13A9E90D180818C05A6C7896A5BD7AD19
                              Malicious:false
                              Preview:#..# ..# Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....# Version....version=1....# Component Font Mappings....allfonts.chinese-ms936=SimSun..allfonts.chinese-ms936-extb=SimSun-ExtB..allfonts.chinese-gb18030=SimSun-18030..allfonts.chinese-gb18030-extb=SimSun-ExtB..allfonts.chinese-hkscs=MingLiU_HKSCS..allfonts.chinese-ms950-extb=MingLiU-ExtB..allfonts.devanagari=Mangal..allfonts.dingbats=Wingdings..allfonts.lucida=Lucida Sans Regular..allfonts.symbol=Symbol..allfonts.thai=Lucida Sans Regular..allfonts.georgian=Sylfaen....serif.plain.alphabetic=Times New Roman..serif.plain.chinese-ms950=MingLiU..serif.plain.chinese-ms950-extb=MingLiU-ExtB..serif.plain.hebrew=David..serif.plain.japanese=MS Mincho..serif.plain.korean=Batang....serif.bold.alphabetic=Times New Roman Bold..serif.bold.chinese-ms950=PMingLiU..serif.bold.chinese-ms9
                              Process:C:\Users\Public\123.exe
                              File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,422.Lucida BrightDemiboldLucida Bright Dem
                              Category:dropped
                              Size (bytes):75144
                              Entropy (8bit):6.849420541001734
                              Encrypted:false
                              SSDEEP:768:H8Jwt1GIlZ6l0/9tRWhc0x/YxvsTjyIDXCrGU/tlDaKAgKrTLznvzDJIZmjFA0zG:Mwtze9xQcQ/LDaKAgK3LLvzFogbFt5WD
                              MD5:AF0C5C24EF340AEA5CCAC002177E5C09
                              SHA1:B5C97F985639E19A3B712193EE48B55DDA581FD1
                              SHA-256:72CEE3E6DF72AD577AF49C59DCA2D0541060F95A881845950595E5614C486244
                              SHA-512:6CE87441E223543394B7242AC0CB63505888B503EC071BBF7DB857B5C935B855719B818090305E17C1197DE882CCC90612FB1E0A0E5D2731F264C663EB8DA3F9
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc.Lucida BrightDemibold ItalicLucida Bright Demibold Itali
                              Category:dropped
                              Size (bytes):75124
                              Entropy (8bit):6.805969666701276
                              Encrypted:false
                              SSDEEP:1536:lww80sTGzcKHwxWL0T+qHi/sbA06PoNORsr5sOnD0OyuusGa7bs4J:lwL0i97WL0T+qHA9cOR05FD0Oyup74w
                              MD5:793AE1AB32085C8DE36541BB6B30DA7C
                              SHA1:1FD1F757FEBF3E5F5FBB7FBF7A56587A40D57DE7
                              SHA-256:895C5262CDB6297C13725515F849ED70609DBD7C49974A382E8BBFE4A3D75F8C
                              SHA-512:A92ADDD0163F6D81C3AEABD63FF5C293E71A323F4AEDFB404F6F1CDE7F84C2A995A30DFEC84A9CAF8FFAF8E274EDD0D7822E6AABB2B0608696A360CABFC866C6
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,773.Lucida BrightItalicLucida Bright Itali
                              Category:dropped
                              Size (bytes):80856
                              Entropy (8bit):6.821405620058844
                              Encrypted:false
                              SSDEEP:1536:jw9ESkPFybxWj1V7zbPUoOPjp85rFqXpLboVklDNTc2Wt:jwZO0xWPTU7l85rFYpLbott
                              MD5:4D666869C97CDB9E1381A393FFE50A3A
                              SHA1:AA5C037865C563726ECD63D61CA26443589BE425
                              SHA-256:D68819A70B60FF68CA945EF5AD358C31829E43EC25024A99D17174C626575E06
                              SHA-512:1D1F61E371E4A667C90C2CE315024AE6168E47FE8A5C02244DBF3DF26E8AC79F2355AC7E36D4A81D82C52149197892DAED1B4C19241575256BB4541F8B126AE2
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,421.Lucida BrightRegularLucida Bright Regu
                              Category:dropped
                              Size (bytes):344908
                              Entropy (8bit):6.939775499317555
                              Encrypted:false
                              SSDEEP:6144:oBfQeUG2CCTufrmOufymM8hvFHp277tS9iZFYSATxNm:oNQ3vCCTcaFNJw7tSgYS82
                              MD5:630A6FA16C414F3DE6110E46717AAD53
                              SHA1:5D7ED564791C900A8786936930BA99385653139C
                              SHA-256:0FAAACA3C730857D3E50FBA1BBAD4CA2330ADD217B35E22B7E67F02809FAC923
                              SHA-512:0B7CDE0FACE982B5867AEBFB92918404ADAC7FB351A9D47DCD9FE86C441CACA4DD4EC22E36B61025092220C0A8730D292DA31E9CAFD7808C56CDBF34ECD05035
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:TrueType Font data, 15 tables, 1st "LTSH", 19 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansDemiboldLucida Sa
                              Category:dropped
                              Size (bytes):317896
                              Entropy (8bit):6.869598480468745
                              Encrypted:false
                              SSDEEP:6144:R5OO1ZjNDE7/MsTJ30otegK4zJwz3UhG5jXsrg2HLzYv7cf0R7o7+WX/ov2DG:bOO11CEo9xzJwljXsrhHQ7cMuX/16
                              MD5:5DD099908B722236AA0C0047C56E5AF2
                              SHA1:92B79FEFC35E96190250C602A8FED85276B32A95
                              SHA-256:53773357D739F89BC10087AB2A829BA057649784A9ACBFFEE18A488B2DCCB9EE
                              SHA-512:440534EB2076004BEA66CF9AC2CE2B37C10FBF5CC5E0DD8B8A8EDEA25E3613CE8A59FFCB2500F60528BBF871FF37F1D0A3C60396BC740CCDB4324177C38BE97A
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:TrueType Font data, 18 tables, 1st "GDEF", 19 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansRegularLucida Sans Regu
                              Category:dropped
                              Size (bytes):698236
                              Entropy (8bit):6.892888039120645
                              Encrypted:false
                              SSDEEP:12288:6obn11t7t7DxT+3+OQ64cctiOAq12ZX/DmfT6R83Sd8uvx7wSnyER4ky+SH/KPKQ:6oTJZzHniOAZ783Sd8uvx7wSnyER4kyI
                              MD5:B75309B925371B38997DF1B25C1EA508
                              SHA1:39CC8BCB8D4A71D4657FC92EF0B9F4E3E9E67ADD
                              SHA-256:F8D877B0B64600E736DFE436753E8E11ACB022E59B5D7723D7D221D81DC2FCDE
                              SHA-512:9C792EF3116833C90103F27CFD26A175AB1EB11286959F77062893A2E15DE44D79B27E5C47694CBBA734CC05A9A5BEFA72E991C7D60EAB1495AAC14C5CAD901D
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc.Lucida Sans TypewriterBoldLucida Sans Typewrite
                              Category:dropped
                              Size (bytes):234068
                              Entropy (8bit):6.901545053424004
                              Encrypted:false
                              SSDEEP:6144:3BPS7w5KIMtYwqcO3GbA4MJcs2ME9UGQ2n9gM/oD:xVMtgcGGPMJcs4b9gM/4
                              MD5:A0C96AA334F1AEAA799773DB3E6CBA9C
                              SHA1:A5DA2EB49448F461470387C939F0E69119310E0B
                              SHA-256:FC908259013B90F1CBC597A510C6DD7855BF9E7830ABE3FC3612AB4092EDCDE2
                              SHA-512:A43CF773A42B4CEBF4170A6C94060EA2602D2D7FA7F6500F69758A20DC5CC3ED1793C7CEB9B44CE8640721CA919D2EF7F9568C5AF58BA6E3CF88EAE19A95E796
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc.Lucida Sans TypewriterRegularLucida Sans Typewriter R
                              Category:dropped
                              Size (bytes):242700
                              Entropy (8bit):6.936925430880877
                              Encrypted:false
                              SSDEEP:3072:VwzZsJcCrn271g+UGFDUnrrHqMyBtlc3+fzx5R1zeqZdDgfSkecUfEDpEXzSyPMx:GWcCrn2C46Ak+naqaucYEDpEX3gZoO9
                              MD5:C1397E8D6E6ABCD727C71FCA2132E218
                              SHA1:C144DCAFE4FAF2E79CFD74D8134A631F30234DB1
                              SHA-256:D9D0AAB0354C3856DF81AFAC49BDC586E930A77428CB499007DDE99ED31152FF
                              SHA-512:DA70826793C7023E61F272D37E2CC2983449F26926746605C550E9D614ACBF618F73D03D0C6351B9537703B05007CD822E42E6DC74423CB5CC736B31458D33B1
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):14331
                              Entropy (8bit):3.512673497574481
                              Encrypted:false
                              SSDEEP:96:W6Zh/3dzz8XIrN2r1CdaqRWtHwBWgvw0Jy/ArUsJzu0HI:W6jhGIwxCdaqWQBWgvw0JyorBJzu0o
                              MD5:6E378235FB49F30C9580686BA8A787AA
                              SHA1:2FC76D9D615A35244133FC01AB7381BA49B0B149
                              SHA-256:B4A0C0A98624C48A801D8EA071EC4A3D582826AC9637478814591BC6EA259D4A
                              SHA-512:58558A1F8D9D3D6F0E21B1269313FD6AC9A80A93CC093A5E8CDEC495855FCD2FC95A6B54FE59E714E89D9274654BB9C1CD887B3FB9D4B9D9C50E5C5983C571B8
                              Malicious:false
                              Preview:# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..# This properties file defines a Hijrah calendar variant...#..# Fields:..#..# <version> ::= 'version' '=' <version string>..# <id> ::= 'id' '=' <id string>..# <type> ::= 'type' '=' <type string>..# <iso-start> ::= 'iso-start' '=' <start date in the ISO calendar>..# <year> ::= <yyyy> '=' <nn nn nn nn nn nn nn nn nn nn nn nn>..#..# version ... (Required)..#..# id ... (Required)..# Identifies the Java Chronology..#..# type ... (Required)..# Identifies the type of calendar in the standard calendar ID scheme..# iso-start ... (Required)..# Specifies the corresponding ISO date to the first Hijrah day..# in the defined range of dates..#..# year ... (Required)..# Number of days for each month of a Hijrah year..# * Each line defines a ye
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):657
                              Entropy (8bit):4.993355967240905
                              Encrypted:false
                              SSDEEP:12:QcwmIzDpneoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoe9B7aEiwoXH3Eoe4Q:QhDpemaoXHIB5foMS1JUqf07f
                              MD5:9FD47C1A487B79A12E90E7506469477B
                              SHA1:7814DF0FF2EA1827C75DCD73844CA7F025998CC6
                              SHA-256:A73AEA3074360CF62ADEDC0C82BC9C0C36C6A777C70DA6C544D0FBA7B2D8529E
                              SHA-512:97B9D4C68AC4B534F86EFA9AF947763EE61AEE6086581D96CBF7B3DBD6FD5D9DB4B4D16772DCE6F347B44085CEF8A6EA3BFD3B84FBD9D4EF763CEF39255FBCE3
                              Malicious:false
                              Preview:# Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..# List of JVMs that can be used as an option to java, javac, etc...# Order is important -- first in this list is the default JVM...# NOTE that this both this file and its format are UNSUPPORTED and..# WILL GO AWAY in a future release...#..# You may also select a JVM in an arbitrary location with the..# "-XXaltjvm=<jvm_dir>" option, but that too is unsupported..# and may not be available in a future release...#..-client KNOWN..-server KNOWN..
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1320
                              Entropy (8bit):5.02145006262851
                              Encrypted:false
                              SSDEEP:24:n3lG0Bf4dJ0qEAmG620WKG0WBph8T2AGjGg0kz8lrbfOi7:3E0Bf4qrzrlWzy+ckUfP
                              MD5:01B94C63BD5E6D094E84FF3AD640FFBF
                              SHA1:5570F355456250B1EC902375B0257584DB2360AE
                              SHA-256:52845DEB58038B4375C30B75DD2053726872758C96597C7CC5D6CEF11F42A2BA
                              SHA-512:816BE2271CF3ECF10EE40E24A288CE302B2810010BEF76EFC0CE5746591955921B70F19005335F485D61A7B216DCCE0B06750831720DD426D07709154D5FAC7A
                              Malicious:false
                              Preview:#..#..# Cursors Properties file..#..# Names GIF89 sources for Custom Cursors and their associated HotSpots..#..# Note: the syntax of the property name is significant and is parsed..# by java.awt.Cursor..#..# The syntax is: Cursor.<name>.<geom>.File=win32_<filename>..# Cursor.<name>.<geom>.HotSpot=<x>,<y>..#. Cursor.<name>.<geom>.Name=<localized name>..#..Cursor.CopyDrop.32x32.File=win32_CopyDrop32x32.gif..Cursor.CopyDrop.32x32.HotSpot=0,0..Cursor.CopyDrop.32x32.Name=CopyDrop32x32..#..Cursor.MoveDrop.32x32.File=win32_MoveDrop32x32.gif..Cursor.MoveDrop.32x32.HotSpot=0,0..Cursor.MoveDrop.32x32.Name=MoveDrop32x32..#..Cursor.LinkDrop.32x32.File=win32_LinkDrop32x32.gif..Cursor.LinkDrop.32x32.HotSpot=0,0..Cursor.LinkDrop.32x32.Name=LinkDrop32x32..#..Cursor.CopyNoDrop.32x32.File=win32_CopyNoDrop32x32.gif..Cursor.CopyNoDrop.32x32.HotSpot=6,2..Cursor.CopyNoDrop.32x32.Name=CopyNoDrop32x32..#..Cursor.MoveNoDrop.32x32.File=win32_MoveNoDrop32x32.gif..Cursor.MoveNoDrop.32x32.Ho
                              Process:C:\Users\Public\123.exe
                              File Type:GIF image data, version 89a, 32 x 32
                              Category:dropped
                              Size (bytes):153
                              Entropy (8bit):6.2813106319833665
                              Encrypted:false
                              SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                              MD5:1E9D8F133A442DA6B0C74D49BC84A341
                              SHA1:259EDC45B4569427E8319895A444F4295D54348F
                              SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                              SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                              Malicious:false
                              Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                              Process:C:\Users\Public\123.exe
                              File Type:GIF image data, version 89a, 31 x 32
                              Category:dropped
                              Size (bytes):165
                              Entropy (8bit):6.347455736310776
                              Encrypted:false
                              SSDEEP:3:CruuU/XExlHrBwM7Qt/wCvTjh2Azr8ptBNKtWwUzJ7Ful5u44JyYChWn:KP0URwMcx3UAzADBNwUlBul5TLYMWn
                              MD5:89CDF623E11AAF0407328FD3ADA32C07
                              SHA1:AE813939F9A52E7B59927F531CE8757636FF8082
                              SHA-256:13C783ACD580DF27207DABCCB10B3F0C14674560A23943AC7233DF7F72D4E49D
                              SHA-512:2A35311D7DB5466697D7284DE75BABEE9BD0F0E2B20543332FCB6813F06DEBF2457A9C0CF569449C37F371BFEB0D81FB0D219E82B9A77ACC6BAFA07499EAC2F7
                              Malicious:false
                              Preview:GIF89a.. ................!.......,...... ...vL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj........k.-mF.. V..9'......f.T....w.xW.B.....P..;
                              Process:C:\Users\Public\123.exe
                              File Type:GIF image data, version 89a, 32 x 32
                              Category:dropped
                              Size (bytes):153
                              Entropy (8bit):6.2813106319833665
                              Encrypted:false
                              SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                              MD5:1E9D8F133A442DA6B0C74D49BC84A341
                              SHA1:259EDC45B4569427E8319895A444F4295D54348F
                              SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                              SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                              Malicious:false
                              Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                              Process:C:\Users\Public\123.exe
                              File Type:GIF image data, version 89a, 31 x 32
                              Category:dropped
                              Size (bytes):168
                              Entropy (8bit):6.465243369905675
                              Encrypted:false
                              SSDEEP:3:CruuU/XExlHrZauowM7Qt/wCvTjh2Azr8ptBNKtWwUzJZmQYRNbC1MIQvEn:KP0UpawMcx3UAzADBNwUlZaCzn
                              MD5:694A59EFDE0648F49FA448A46C4D8948
                              SHA1:4B3843CBD4F112A90D112A37957684C843D68E83
                              SHA-256:485CBE5C5144CFCD13CC6D701CDAB96E4A6F8660CBC70A0A58F1B7916BE64198
                              SHA-512:CF2DFD500AF64B63CC080151BC5B9DE59EDB99F0E31676056CF1AFBC9D6E2E5AF18DC40E393E043BBBBCB26F42D425AF71CCE6D283E838E67E61D826ED6ECD27
                              Malicious:false
                              Preview:GIF89a.. ................!.......,...... ...yL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj........k.-mF.6.'.....`1]......u.Q.r.V..C......f.P..;
                              Process:C:\Users\Public\123.exe
                              File Type:GIF image data, version 89a, 32 x 32
                              Category:dropped
                              Size (bytes):153
                              Entropy (8bit):6.2813106319833665
                              Encrypted:false
                              SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                              MD5:1E9D8F133A442DA6B0C74D49BC84A341
                              SHA1:259EDC45B4569427E8319895A444F4295D54348F
                              SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                              SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                              Malicious:false
                              Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                              Process:C:\Users\Public\123.exe
                              File Type:GIF image data, version 89a, 31 x 32
                              Category:dropped
                              Size (bytes):147
                              Entropy (8bit):6.147949937659802
                              Encrypted:false
                              SSDEEP:3:CruuU/XExlHrSauZKwM7Qt/wCvTjh2Azr8ptBNKtWXOh6WoXt2W:KP0UvEKwMcx3UAzADBNXOh6h9p
                              MD5:CC8DD9AB7DDF6EFA2F3B8BCFA31115C0
                              SHA1:1333F489AC0506D7DC98656A515FEEB6E87E27F9
                              SHA-256:12CFCE05229DBA939CE13375D65CA7D303CE87851AE15539C02F11D1DC824338
                              SHA-512:9857B329ACD0DB45EA8C16E945B4CFA6DF9445A1EF457E4B8B40740720E8C658301FC3AB8BDD242B7697A65AE1436FD444F1968BD29DA6A89725CDDE1DE387B8
                              Malicious:false
                              Preview:GIF89a.. ................!.......,...... ...dL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj.....-.kj..m.....X,&.......S..;
                              Process:C:\Users\Public\123.exe
                              File Type:GIF image data, version 89a, 32 x 32
                              Category:dropped
                              Size (bytes):153
                              Entropy (8bit):6.2813106319833665
                              Encrypted:false
                              SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                              MD5:1E9D8F133A442DA6B0C74D49BC84A341
                              SHA1:259EDC45B4569427E8319895A444F4295D54348F
                              SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                              SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                              Malicious:false
                              Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):58
                              Entropy (8bit):4.4779965120705425
                              Encrypted:false
                              SSDEEP:3:CEBqRM9LTAGQdLV6ETEBqRM9LHQIuHPy:CEAsnAbLlszQdy
                              MD5:3C2B9CCAAD3D986E5874E8C0F82C37CF
                              SHA1:D1DDA4A2D5D37249C8878437DBF36C6AE61C33D1
                              SHA-256:D5BCD7D43E383D33B904CFF6C80ACE359DBE2CE2796E51E9743358BD650E4198
                              SHA-512:4350CCA847D214479C6AE430EB71EE98A220EA10EC175D0AB317A8B43ABC9B4054E41D0FF383F26D593DE825F761FB93704E37292831900F31E5E38167A41BAB
                              Malicious:false
                              Preview:javafx.runtime.version=8.0.101..javafx.runtime.build=b13..
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):476286
                              Entropy (8bit):7.905283162751186
                              Encrypted:false
                              SSDEEP:12288:k4VtaECp5plmgYhuWvHuR9Ta/+Aw7okxygk+W:kUChlHYHMaHw7XxW
                              MD5:5D8C1723F3005BD63DBA2B478CE15621
                              SHA1:AB26A6167789DCF81A0C40D121DC91005804C703
                              SHA-256:B637B78CFC33C92D4838D5FABFD0647CE03C3EF69D86EF6A7E6F229510AAF3B5
                              SHA-512:9830CCDFE913A492BB4E0015EE3E729BEA8EC1F22EDF48ED7CE2AEFD5376DF24F33948B9155E31EDFA9BC240544406FD2C43A34DD1366E4936B3318D3CA5ED1C
                              Malicious:false
                              Preview:PK...........H................META-INF/....PK...........H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/sun/PK...........H................com/sun/javaws/PK...........H................com/sun/javaws/exceptions/PK...........H................com/sun/javaws/jnl/PK...........H................com/sun/javaws/net/PK...........H................com/sun/javaws/net/protocol/PK...........H............ ...com/sun/javaws/net/protocol/jar/PK...........H................com/sun/javaws/progress/PK...........H................com/sun/javaws/security/PK...........H................com/sun/javaws/ui/PK...........H................com/sun/javaws/util/PK...........H................com/sun/jnlp/PK...........H................javax/PK...........H................javax/jnlp/PK...........H~p4=........#...com/sun/javaws/BrowserSupport.class.RMO.1.}...].H @.|.|(...P..B.....
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):114950
                              Entropy (8bit):7.912507028584016
                              Encrypted:false
                              SSDEEP:1536:5sNJO+ylt6se6sgU0w/XzGYWuSy15DudYLSfaxwpt5g1naZEqwoJ8sYcF+z/VSG8:aj8GHXZSy1pudYLdQe1ATtKVS+ws9O
                              MD5:A39F61D6ED2585519D7AF1E2EA029F59
                              SHA1:52515AC6DEAB634F3495FD724DEA643EE442B8FD
                              SHA-256:60724D9E372FBE42759349A06D3426380CA2B9162FA01EB2C3587A58A34AD7E0
                              SHA-512:AC2E9AB749F5365BE0FB8EBD321E8F231D22EAE396053745F047FCBCCF8D3DE2F737D3C37A52C715ADDFBDBD18F14809E8B37B382B018B58A76E063EFBA96948
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):560553
                              Entropy (8bit):5.781566946934384
                              Encrypted:false
                              SSDEEP:12288:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f/m5NwaHkSIJHvWQ6Q7ooMcgH5lY7TQ5cD:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f3
                              MD5:CCB395235C35C3ACBA592B21138CC6AB
                              SHA1:29C463AA4780F13E77FB08CC151F68CA2B2958D5
                              SHA-256:27AD8EA5192EE2D91BA7A0EACE9843CB19F5E145259466158C2F48C971EB7B8F
                              SHA-512:D4C330741387F62DD6E52B41167CB11ABD8615675FE7E1C14AE05A52F87A348CBC64B56866AE313B2906B33CE98BE73681F769A4A54F6FE9A7D056F88CF9A4E1
                              Malicious:false
                              Preview:PK........t..H................META-INF/....PK........t..H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........HB.<>^...^...8...com/oracle/jrockit/jfr/client/EventSettingsBuilder.class.......4....5.f..g....f..4.h..4.i..j....f..4.k..l....m..4.n..o....f..4.p..q..r....f....s....t....u....v..w..x..y....z..{....|....}....~.................................#.........................)...................................................eventDefaultSets...Ljava/util/ArrayList;...Signature..DLjava/util/ArrayList<Loracle/jrockit/jfr/settings/EventDefaultSet;>;...settings..ALjava/util/ArrayList<Loracle/jrockit/jfr/settings/EventSetting;>;...eventDescriptorType..2Loracle/jrockit/jfr/openmbean/
                              Process:C:\Users\Public\123.exe
                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):20670
                              Entropy (8bit):4.627043889535612
                              Encrypted:false
                              SSDEEP:192:VOMjUVCEM0Ut0ZINFWbqsZSwOVzx8xyxxxbAJ1muS7khPdyPsXZd2ZhptEgReW82:VONVTVgF9SsTMLA
                              MD5:47495DA4E7B3AF33F5C3ED1E35AC25AE
                              SHA1:F6DE88A4C6AE0C14B9F875FB4BC4721A104CB0EE
                              SHA-256:37D19EAC73DEEB613FBB539AE7E7C99339939EB3EFEC44E9EB45F68426E9F159
                              SHA-512:74DBEB118575B8881D5B43270EF878162DBDC222AC6D20F04699B2B733427347ABC76D6E82BF7728FCC435129B114E4C75D011FC5DDDEAF5A59E137BBC81F2B9
                              Malicious:false
                              Preview:<?xml version="1.0" encoding="UTF-8"?>.... .. Recommended way to edit .jfc files is to use Java Mission Control,.. see Window -> Flight Recorder Template Manager...-->....<configuration version="1.0" name="Continuous" description="Low overhead configuration safe for continuous use in production environments, typically less than 1 % overhead." provider="Oracle">.... <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.... <control>.... .. Contents of the control element is not read by the JVM, it's used.. by Java Mission Control to change settings that carry the control attribute... -->.... <selection name="gc-level" default="detailed" label="Garbage Collector">.. <option label="Off" name="off">off</option>.. <option label="Normal" name="detailed">normal</option>.. <option label="All" name="all">all</option>.. </selection>.... <condition name="gc-enabled-normal" true="true" false="fals
                              Process:C:\Users\Public\123.exe
                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):20626
                              Entropy (8bit):4.626761353117893
                              Encrypted:false
                              SSDEEP:192:VeMjUECOwMsUt0ZINFWbqeZSwOVza8ayaxabAJ1duSikhPdyPsXZd2ZhptEgReWL:VeNEg/gF/ZnixLy
                              MD5:5480BEF2CA99090857E5CBF225C12A78
                              SHA1:E1F73CA807EC14941656FBE3DB6E5E5D9032041D
                              SHA-256:5FB0982C99D6BF258335FB43AAAE91919804C573DFD87B51E05C54ADB3C0392B
                              SHA-512:65FE0D6DA17E62CF29875910EB84D57BC5BB667C753369B4F810028C0995E63C322FAD2EB99658B6C19E11E8D2A40CB11B3C09943EB9C0B88F45626579ECE058
                              Malicious:false
                              Preview:<?xml version="1.0" encoding="UTF-8"?>.... .. Recommended way to edit .jfc files is to use Java Mission Control,.. see Window -> Flight Recorder Template Manager...-->....<configuration version="1.0" name="Profiling" description="Low overhead configuration for profiling, typically around 2 % overhead." provider="Oracle">.... <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.... <control>.... .. Contents of the control element is not read by the JVM, it's used.. by Java Mission Control to change settings that carry the control attribute... -->.... <selection name="gc-level" default="detailed" label="Garbage Collector">.. <option label="Off" name="off">off</option>.. <option label="Normal" name="detailed">normal</option>.. <option label="All" name="all">all</option>.. </selection>.... <condition name="gc-enabled-normal" true="true" false="false">.. <or>.. <test name="
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):33932
                              Entropy (8bit):7.930702746433849
                              Encrypted:false
                              SSDEEP:768:xYJfTGikW6VajSe/SA5vN9kqizE48ojVxQYuW+t:xY5TpkK/nFNIzptjVxYHt
                              MD5:C401E00A5DE0DD9723885CEF9E2F5A44
                              SHA1:B6735B93811517F062A20869D8A0B57FAEFF6A90
                              SHA-256:C6574F4763696F2A83028DE143D9ED1C975062BA2D44CC5C91558751FB84BCD6
                              SHA-512:595B950AD5BFF930654BF7FB996BA222D19B4F175821AB0FD6EC4F54D4B7D62B37757429051D1302BC438AB76350B4CD0A07BA712CAECC79DCDB0C60494B5AB2
                              Malicious:false
                              Preview:PK...........H................META-INF/....PK...........H.E..Z...g.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%-..x...R.KRSt.*A.-...M.t....4....sR......K..5y.x..PK...........H................javafx/PK...........H................javafx/embed/PK...........H................javafx/embed/swt/PK...........Hj...........%...javafx/embed/swt/CustomTransfer.class.T[S.F.=.MX(..!............8..`h.d....." yd..........4....%..k.N..ka.83..[.....|+...........#.OD..1...1.1.S1....*>..I..TL.....Y..*.S.q.-KAja..6.M.Y7V|.v...e............+...u...Z.....Z......k...O.v.....x..f...M.v...~I....j.N.(.R.... ..n.%).l:.N..,J...-.%.os:.v.K..V.._p.u.l..e...S5...^.....3+.Yy.h.RtGR..y.)..~...g..R.;5K...{.G.*..X.JP....D....8..[3.g...'d.e#Z.|c.j.t..F.w..t.W.j.,K[q.^..E.=M.a..6d.Z..yV.....=..........:.WG.............RA.<......qT...,*.=.....t\......(aI.2.....!..Jp.,..<.x..n.S....N.K.e.W....N.-..`....hmQ.E.fGE..$..n...4I{.......l_.)......?.Z>...t
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):633957
                              Entropy (8bit):6.018176262975427
                              Encrypted:false
                              SSDEEP:6144:ABoQeW0HKwYGORU+ehqEmke1WEAibVR0GPs4j8GgflXhuuMAjYDTj:Uo40WGdNmpb3DP75
                              MD5:FD1434C81219C385F30B07E33CEF9F30
                              SHA1:0B5EE897864C8605EF69F66DFE1E15729CFCBC59
                              SHA-256:BC3A736E08E68ACE28C68B0621DCCFB76C1063BD28D7BD8FCE7B20E7B7526CC5
                              SHA-512:9A778A3843744F1FABAD960AA22880D37C30B1CAB29E123170D853C9469DC54A81E81A9070E1DE1BF63BA527C332BB2B1F1D872907F3BDCE33A6898A02FEF22D
                              Malicious:false
                              Preview:PK........u..H................META-INF/....PK........u..H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........H....E...E...+...com/sun/net/ssl/internal/ssl/Provider.class.......4...............................serialVersionUID...J...ConstantValue.,..c".J-...<init>...()V...Code...LineNumberTable...(Ljava/security/Provider;)V...(Ljava/lang/String;)V...isFIPS...()Z...install...SourceFile...Provider.java......................%com/sun/net/ssl/internal/ssl/Provider...sun/security/ssl/SunJSSE.1.......................................!........*...................)...*............."........*+......................./............."........*+...................3...4.)........................
                              Process:C:\Users\Public\123.exe
                              File Type:Algol 68 source, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):4312
                              Entropy (8bit):4.756104846669624
                              Encrypted:false
                              SSDEEP:96:6VprYJmprYJD9Y3t3qFKPG7hLxVJgdTsfbFfcwQoPv:6HrsursD9Y3t36KPG7HyoBQoX
                              MD5:AD91D69A4129D31D72FBE288FF967943
                              SHA1:CB510AFCDBECEA3538C3F841C0440194573DBB65
                              SHA-256:235A50D958FAEDDE808D071705A6D603F97611F568EEC40D7444984B984A4B18
                              SHA-512:600BEE4676D26E2CE5B9171582540021509A4D7888C9C7BADC14F0FAD07007E4CE2B4C007A8EB15BD0D977722B8B34442012EA972FFBD72797475A56CDFD86EE
                              Malicious:false
                              Preview:Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:.... - Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer..... - Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution..... - Neither the name of Oracle nor the names of its.. contributors may be used to endorse or promote products derived.. from this software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS..IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,..THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR..PURP
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):2514
                              Entropy (8bit):4.525846572478507
                              Encrypted:false
                              SSDEEP:48:/GXieQT8cg6ZGBjn4stbaWUwO61xFMxO9:OXieW8nBjn4x613Mw9
                              MD5:0AA5D5EFDB4F2B92BEBBEB4160AA808B
                              SHA1:C6F1B311A4D0790AF8C16C1CA9599D043BA99E90
                              SHA-256:A3148336160EA7EF451052D1F435F7C9D96EEB738105AC730358EDADA5BD45A2
                              SHA-512:A52C2B784CF0B01A2AF3066F4BB8E7FD890A86CFD82359A22266341942A25333D4C63BA2C02AA43ADE872357FC9C8BBC60D311B2AF2AD2634D60377A2294AFDD
                              Malicious:false
                              Preview:############################################################..# .Default Logging Configuration File..#..# You can use a different file by specifying a filename..# with the java.util.logging.config.file system property. ..# For example java -Djava.util.logging.config.file=myfile..############################################################....############################################################..# .Global properties..############################################################....# "handlers" specifies a comma separated list of log Handler ..# classes. These handlers will be installed during VM startup...# Note that these classes must be on the system classpath...# By default we only configure a ConsoleHandler, which will only..# show messages at the INFO and above levels...handlers= java.util.logging.ConsoleHandler....# To also add the FileHandler, use the following line instead...#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler....# Default global
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):381
                              Entropy (8bit):4.99308306420453
                              Encrypted:false
                              SSDEEP:6:5ji0B4r/Rjiszbdy/oocj+sqX2K5YZ5/CUMQxxi6m4xijgxmzbdGh/4:5ji0GJjiIq1cCvXPA/CUMQxoeocx2K/4
                              MD5:B608D45DCDD7A4CAD6A63A89A002F683
                              SHA1:F6E3BB7050C3B1A3BED9B33122C4A98E6B9A810D
                              SHA-256:52CA96531445B437DCA524CB3714FCD8D70221D37A6B9C80F816713C3040DD0A
                              SHA-512:407E7CA807826F0E41B085BCA0F54F0134E3B9AC16FA5480EDE02774067DAD46AA07D225BA2981DEC2A7297EA57721EAB8C54E8BED83D352EC6C00ABFDBBF626
                              Malicious:false
                              Preview:PK........t..H................META-INF/......PK..............PK........t..H................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.JM,IM.u.........+h..%&.*8.....%...k.r9....:.$..[).....&.%....E..r.\.E....y...r..PK.....k.......PK..........t..H..............................META-INF/....PK..........t..H...k.....................=...META-INF/MANIFEST.MFPK..........}.........
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):4077
                              Entropy (8bit):4.472483528668558
                              Encrypted:false
                              SSDEEP:96:eii7cSoFKfgCe/D4dtQN+wvohSoVGPbPvRZUIpeDMy:eiiISokfXeEk+wQhnMPbnRZR7y
                              MD5:41B36D832BE39A3CF0F3D7760E55FDCB
                              SHA1:E706E9BE75604A13DFCC5A96B1720A544D76348B
                              SHA-256:71A930CBE577CBABB4269650C98D227F739E0D4B9C0B44830DD3D52F5015BE1F
                              SHA-512:41E6B8639C1CEB3D09D2FDEEEBA89FFA17C4ED8B1AD0DF1E5AB46C4BF178688D5504DC5A3C854226F7DA23DFA0EDAB0D035D6B56495829F43AAA2A7BABEC4273
                              Malicious:false
                              Preview:######################################################################..# Default Access Control File for Remote JMX(TM) Monitoring..######################################################################..#..# Access control file for Remote JMX API access to monitoring...# This file defines the allowed access for different roles. The..# password file (jmxremote.password by default) defines the roles and their..# passwords. To be functional, a role must have an entry in..# both the password and the access files...#..# The default location of this file is $JRE/lib/management/jmxremote.access..# You can specify an alternate location by specifying a property in ..# the management config file $JRE/lib/management/management.properties..# (See that file for details)..#..# The file format for password and access files is syntactically the same..# as the Properties file format. The syntax is described in the Javadoc..# for java.util.Properties.load...# A typical access file has multiple
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):2920
                              Entropy (8bit):4.545881645777106
                              Encrypted:false
                              SSDEEP:48:MRSflLrmpop7JN/PgP8KAeoYsnZyhNMVJKWfVStEqwP0pba:Mkv7ngUZYsnRnfYdhE
                              MD5:5DD28AAF5A06C946DF7B223F33482FDF
                              SHA1:D09118D402CA3BA625B165ECACE863466D7F4CE9
                              SHA-256:24674176A4C0E5EEFB9285691764EA06585D90BBDAF5BF40C4220DE7CA3E3175
                              SHA-512:13C6F37E969A5AECE2B2F938FA8EBF6A72C0C173678A026E77C35871E4AE89404585FB1A3516AE2CA336FC47EAB1F3DD2009123ADBA9C437CD76BA654401CBDF
                              Malicious:false
                              Preview:# ----------------------------------------------------------------------..# Template for jmxremote.password..#..# o Copy this template to jmxremote.password..# o Set the user/password entries in jmxremote.password..# o Change the permission of jmxremote.password to read-only..# by the owner...#..# See below for the location of jmxremote.password file...# ----------------------------------------------------------------------....##############################################################..# Password File for Remote JMX Monitoring..##############################################################..#..# Password file for Remote JMX API access to monitoring. This..# file defines the different roles and their passwords. The access..# control file (jmxremote.access by default) defines the allowed..# access for each role. To be functional, a role must have an entry..# in both the password and the access files...#..# Default location of this file is $JRE/lib/management/jmx
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):14415
                              Entropy (8bit):4.623139916889837
                              Encrypted:false
                              SSDEEP:192:PLrOKIXaIr8Jzc90OEqfmdbHHHN6pDIdpgzri:PLrOKIXaIgYiOE0mdbHHHNGD4p0+
                              MD5:054E093240388F0322604619EF643F18
                              SHA1:6E110C2A5D813013E9C57700BE8B0D17896E950C
                              SHA-256:BF41D73EAB0DA8222FE24255E1BBF68327FB02B1A4F1E7A81B9C7B539033FFB2
                              SHA-512:BD60C6271CDEFFFF4563E6E2CF97C176D86F160092D1FFCBE7EEFE714BA75DDC5FB4E848A5FDBE7A1D1510720D92AF6A176A76DE2CC599F27E4BEAE8E692C5D3
                              Malicious:false
                              Preview:#####################################################################..#.Default Configuration File for Java Platform Management..#####################################################################..#..# The Management Configuration file (in java.util.Properties format)..# will be read if one of the following system properties is set:..# -Dcom.sun.management.jmxremote.port=<port-number>..# or -Dcom.sun.management.snmp.port=<port-number>..# or -Dcom.sun.management.config.file=<this-file>..#..# The default Management Configuration file is:..#..# $JRE/lib/management/management.properties..#..# Another location for the Management Configuration File can be specified..# by the following property on the Java command line:..#..# -Dcom.sun.management.config.file=<this-file>..#..# If -Dcom.sun.management.config.file=<this-file> is set, the port..# number for the management agent can be specified in the config file..# using the following lines:..#..# ################ Management Agen
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):3486
                              Entropy (8bit):4.4357861198752975
                              Encrypted:false
                              SSDEEP:48:MlXHR6+76EX0o8KA0Esns+ek2OrRC9AUE4T7AKQi2r8BKS3GpPsDu0cpUxJAJKk3:M9HRb7l0FAEsnJKmS32X00h
                              MD5:9D9EC1BB9E357BBFB72B077E4AF5F63F
                              SHA1:6484B03DBE9687216429D3A6F916773C060E15CE
                              SHA-256:8B02A29BC61B0F7203DF7CA94140F80D2C6A1138064E0441DFD621CF243A0339
                              SHA-512:5FE39BBFCA806CE45871A6223D80FA731EFAA5D31C3B97EE055AB77EAF3833342945F39E9858335D9DD358B4B7F984FFADE741452E19B60B8E510AA74AC02C00
                              Malicious:false
                              Preview:# ----------------------------------------------------------------------..# Template for SNMP Access Control List File..#..# o Copy this template to snmp.acl..# o Set access control for SNMP support..# o Change the permission of snmp.acl to be read-only..# by the owner...#..# See below for the location of snmp.acl file...# ----------------------------------------------------------------------....############################################################..# SNMP Access Control List File ..############################################################..#..# Default location of this file is $JRE/lib/management/snmp.acl...# You can specify an alternate location by specifying a property in ..# the management config file $JRE/lib/management/management.properties..# or by specifying a system property (See that file for details)...#......##############################################################..# File permissions of the snmp.acl file..######################
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):2126
                              Entropy (8bit):4.970874214349507
                              Encrypted:false
                              SSDEEP:48:EE796OfeCiuG2M5tP5iMmC5KOAY2HQii+r4IzteKk:EnEiuGJbP5lmC5KOA3HQii+EIz8Kk
                              MD5:91AA6EA7320140F30379F758D626E59D
                              SHA1:3BE2FEBE28723B1033CCDAA110EAF59BBD6D1F96
                              SHA-256:4AF21954CDF398D1EAE795B6886CA2581DAC9F2F1D41C98C6ED9B5DBC3E3C1D4
                              SHA-512:03428803F1D644D89EB4C0DCBDEA93ACAAC366D35FC1356CCABF83473F4FEF7924EDB771E44C721103CEC22D94A179F092D1BFD1C0A62130F076EB82A826D7CB
                              Malicious:false
                              Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..# charsets.jar..sun/nio..sun/awt..# jce.jar..javax/crypto..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# jfr.jar..oracle/jrockit/..jdk/jfr..com/oracle/jrockit/..! jsse.jar..sun/security..com/sun/net/..! management-agent.jar..@ resources.jar..com/sun/java/util/jar/pack/..META-INF/services/sun.util.spi.XmlPropertiesProvider..META-INF/services/javax.print.PrintServiceLookup..com/sun/corba/..META-INF/services/javax.sound.midi.spi.SoundbankReader..sun/print..META-INF/services/javax.sound.midi.spi.MidiFileReader..META-INF/services/sun.java2d.cmm.CMMServiceProvider..javax/swing..META-INF/services/javax.sound.sampled.spi.AudioFileReader..META-INF/services/javax.sound.midi.spi.MidiDeviceProvider..sun/net..META-INF/services/javax.sound.sampled.spi.AudioFileWriter..com/sun/imageio/..META-INF/services/sun.java2d.pipe.Ren
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):3144
                              Entropy (8bit):4.858724831876285
                              Encrypted:false
                              SSDEEP:48:VBnTRxiW1nTbXMROXX6zcjd6vEzcoZDTzcj8L0zccfbb6wB:VBnvisPMQ6z+zPVzv0zVfvT
                              MD5:1CBB261944925044B1EE119DC0563D05
                              SHA1:05F2F63047F4D82F37DFA59153309E53CAA4675C
                              SHA-256:5BAF75BDD504B2C80FF5B98F929A16B04E9CB06AA8AAE30C144B5B40FEBE0906
                              SHA-512:C964A92BE25BACF11D20B61365930CAB28517D164D9AE4997651E2B715AA65628E45FA4BD236CCD507C65E5D85A470FD165F207F446186D22AE4BD46A04006E6
                              Malicious:false
                              Preview:############################################################..# .Default Networking Configuration File..#..# This file may contain default values for the networking system properties...# These values are only used when the system properties are not specified..# on the command line or set programatically...# For now, only the various proxy settings can be configured here...############################################################....# Whether or not the DefaultProxySelector will default to System Proxy..# settings when they do exist...# Set it to 'true' to enable this feature and check for platform..# specific proxy settings..# Note that the system properties that do explicitely set proxies..# (like http.proxyHost) do take precedence over the system settings..# even if java.net.useSystemProxies is set to true... ..java.net.useSystemProxies=false....#------------------------------------------------------------------------..# Proxy configuration for the various protocol handlers...# D
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):1012097
                              Entropy (8bit):7.896417877823185
                              Encrypted:false
                              SSDEEP:24576:q7jNpf26MPAMSL/wxSz2ijt2eejo+oV3vv:6NVZEaL4xSljt2eHNV3
                              MD5:54EF6C22FAAAE5850091031763078D37
                              SHA1:11D40B78BB606E245CB5E17C6DDB08193A34B40E
                              SHA-256:654B033B1DC315EB9806F0D35ABAF3F25064AC806292ACB2BD818F6B2DF2AD07
                              SHA-512:10998B6508D5571E1ECE2001C6E561169D3DBD7580A3DE439067D1195FBE85E6BD1729A0874E306234391AF963E1B062050276E1AC0E9C9FA289711738B41B31
                              Malicious:false
                              Preview:PK........!..H................META-INF/....PK........ ..H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/sun/PK...........H................com/sun/deploy/PK...........H................com/sun/deploy/uitoolkit/PK...........H................com/sun/deploy/uitoolkit/impl/PK........!..H............"...com/sun/deploy/uitoolkit/impl/awt/PK...........H............#...com/sun/deploy/uitoolkit/impl/text/PK...........H................com/sun/deploy/uitoolkit/ui/PK...........H................com/sun/java/PK...........H................com/sun/java/browser/PK...........H................com/sun/java/browser/plugin2/PK...........H............)...com/sun/java/browser/plugin2/liveconnect/PK...........H............,...com/sun/java/browser/plugin2/liveconnect/v1/PK...........H................netscape/PK...........H................netscape/javascript/PK.........
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):2915
                              Entropy (8bit):5.2172692442941075
                              Encrypted:false
                              SSDEEP:48:GgQv18IsTJvuUdEt6u7KeblbhGwQEvzZIE+i+WEi+Iq4fNSg2kv:Gb6Xha1hFGwQEvdh+5g2kv
                              MD5:A38587427E422D55B012FA3E5C9436D2
                              SHA1:7BD1B81B39DA78124BE045507E0681E860921DBB
                              SHA-256:D2C47DE948033ED836B375CCD518CF55333FE11C4CED56BC1CE2FF62114CF546
                              SHA-512:EA6CA975E9308ED2B3BBCCE91EE61142DAB0067CE8F17CB469929F6136E6B4A968BAC838141D8B38866F9EF5E15E156400859CCCC84FB114214E19556F0DC636
                              Malicious:false
                              Preview:#..#..# Copyright (c) 1996, 2000, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..#.Japanese PostScript printer property file..#..font.num=16..#..serif=serif..timesroman=serif..sansserif=sansserif..helvetica=sansserif..monospaced=monospaced..courier=monospaced..dialog=sansserif..dialoginput=monospaced..#..serif.latin1.plain=Times-Roman..serif.latin1.italic=Times-Italic..serif.latin1.bolditalic=Times-BoldItalic..serif.latin1.bold=Times-Bold..#..sansserif.latin1.plain=Helvetica..sansserif.latin1.italic=Helvetica-Oblique..sansserif.latin1.bolditalic=Helvetica-BoldOblique..sansserif.latin1.bold=Helvetica-Bold..#..monospaced.latin1.plain=Courier..monospaced.latin1.italic=Courier-Oblique..monospaced.latin1.bolditalic=Courier-BoldOblique..monospaced.latin1.bold=Courier-Bold..#..serif.x11jis0208.plain=Ryumin-Light-H..serif.x11jis0208.italic=Ryumin-Light-H
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):10716
                              Entropy (8bit):5.016037435830914
                              Encrypted:false
                              SSDEEP:192:Jp22HdiEUEdWUcPeJ7fbdHmcbiLMWNDyZcy57ha1xh3qvfRdIdyJkW:u2HdiEUEdGY1gbD9TKdIdyJkW
                              MD5:66B3E6770C291FE8CD3240FFBB00DC47
                              SHA1:88CE9D723A2D4A07FD2032A8B4A742FE323EEC8F
                              SHA-256:7EA6E05D3B8B51D03C3D6548E709C220541DF0F1AEE2E69B9101C9F051F7C17A
                              SHA-512:D1B99AA011568AFFA415758C986B427588AE87FE5EB7FC52D519F7167AD46BBFF8B62799F14D8DBC7C55DEB6FF7259445D6E8882CC781D61206ED1B79B688745
                              Malicious:false
                              Preview:#..#..# Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..#.PostScript printer property file for Java 2D printing...#..# WARNING: This is an internal implementation file, not a public file...# Any customisation or reliance on the existence of this file and its..# contents or syntax is discouraged and unsupported...# It may be incompatibly changed or removed without any notice...#..#..font.num=35..#..# Legacy logical font family names and logical font aliases should all..# map to the primary logical font names...#..serif=serif..times=serif..timesroman=serif..sansserif=sansserif..helvetica=sansserif..dialog=sansserif..dialoginput=monospaced..monospaced=monospaced..courier=monospaced..#..# Next, physical fonts which can be safely mapped to standard postscript fonts..# These keys generally map to a value which is the same as the key, so
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):3490933
                              Entropy (8bit):6.067002853185717
                              Encrypted:false
                              SSDEEP:49152:WX4zfeUcKDQ1toKXiO3fLxqhH3YRazQwIK7XgnyRMvMtMm55HopLKbtJzUkMkOBV:GL
                              MD5:9A084B91667E7437574236CD27B7C688
                              SHA1:D8926CC4AA12D6FE9ABE64C8C3CB8BC0F594C5B1
                              SHA-256:A1366A75454FC0F1CA5A14EA03B4927BB8584D6D5B402DFA453122AE16DBF22D
                              SHA-512:D603AA29E1F6EEFFF4B15C7EBC8A0FA18E090D2E1147D56FD80581C7404EE1CB9D6972FCF2BD0CB24926B3AF4DFC5BE9BCE1FE018681F22A38ADAA278BF22D73
                              Malicious:false
                              Preview:PK...........H................META-INF/....PK...........H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........H....$...$.......META-INF/mailcap.default#.# This is a very simple 'mailcap' file.#.image/gif;;..x-java-view=com.sun.activation.viewers.ImageViewer.image/jpeg;;..x-java-view=com.sun.activation.viewers.ImageViewer.text/*;;..x-java-view=com.sun.activation.viewers.TextViewer.text/*;;..x-java-edit=com.sun.activation.viewers.TextEditor.PK...........H..{~2...2.......META-INF/mimetypes.default#.# A simple, old format, mime.types file.#.text/html..html htm HTML HTM.text/plain..txt text TXT TEXT.image/gif..gif GIF.image/ief..ief.image/jpeg..jpeg jpg jpe JPG.image/tiff..tiff tif.
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):63602929
                              Entropy (8bit):5.963369315504544
                              Encrypted:false
                              SSDEEP:786432:WyfysbZyGp7g85KKwcl0HeJgyll3LTjjA:F0GZTjjA
                              MD5:EDB5B5B3EF4565E4E86BFFE647FB1AA2
                              SHA1:11F5B1B2D729309059B1BD1FE2922251D9451D5F
                              SHA-256:D00351BD39DE7DBF9E9FDBB9EE1FD82189189F9BC82E988B58E1E950D1D4BDC8
                              SHA-512:05E7F9ED915610B70664EB7CB68F3F0BBA5BD5CF208BBDB54007DA5FF6311A6DDBBF057E0DF5A346C9042333C29E5C766B2C0A686628F8655C2E75061A9179C1
                              Malicious:false
                              Preview:PK...........H................META-INF/....PK...........H.5.%...%.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....Name: javax/swing/JCheckBoxMenuItem.class..Java-Bean: True....Name: javax/swing/JDialog.class..Java-Bean: True....Name: javax/swing/JSlider.class..Java-Bean: True....Name: javax/swing/JTextField.class..Java-Bean: True....Name: javax/swing/JTextPane.class..Java-Bean: True....Name: javax/swing/JTextArea.class..Java-Bean: True....Name: javax/swing/JList.class..Java-Bean: True....Name: javax/swing/JFormattedTextField.class..Java-Bean: True....Name: javax/swing/JApplet.class..Java-Bean: True....Name: javax/swing/JSpinner.class..Java-Bean: True....Name: javax/swing/JLabel.class..Java-Bean
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):3026
                              Entropy (8bit):7.48902128028383
                              Encrypted:false
                              SSDEEP:48:9JJweDY2LXQ4lAAldrou1YgH767KWajaHpwrHZt0H9BRJgfHilVVt2+HZ:PCcY26Iou1YgHqK3WJGeHn8fH4VVttHZ
                              MD5:EE4ED9C75A1AAA04DFD192382C57900C
                              SHA1:7D69EA3B385BC067738520F1B5C549E1084BE285
                              SHA-256:90012F900CF749A0E52A0775966EF575D390AD46388C49D512838983A554A870
                              SHA-512:EAE6A23D2FD7002A55465844E662D7A5E3ED5A6A8BAF7317897E59A92A4B806DD26F2A19B7C05984745050B4FE3FFA30646A19C0F08451440E415F958204137C
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):4149
                              Entropy (8bit):5.816047466650347
                              Encrypted:false
                              SSDEEP:96:ubCHVyxwEyPEtpuVFWny6NnXjekkMDV6kiPVNXvNhtfx5e6NgyufTMBwtBsv5XHs:ubCHVyxwEyPEtpuV8ny6NnX6kkMDV6kL
                              MD5:3F5DC1D941E8356CCD04454AC0A7A7D2
                              SHA1:3698F9AFD870C7959E2D8A0DA0A97B4475554831
                              SHA-256:C48D57D64ED98F8F174A4F6873F536AE03B41A63F67079D7C2F7140950A1C02E
                              SHA-512:65319A4EF150884F7E67C6F96085A996C9B32DCF9A539C4EB7AF77B1B46CDD90F1E83446F33DA14467EA37D0628C9411323F5C3D3CEFCF03CBDFA186EEB2BD3C
                              Malicious:false
                              Preview:# JNLPAppletLauncher applet-launcher.jar..SHA1-Digest-Manifest: 5Bo5/eg892hQ9mgbUW56iDmsp1k=....# 7066583..SHA1-Digest-Manifest: x17xGEFzBRXY2pLtXiIbp8J7U9M=..SHA1-Digest-Manifest: ya6YNTzMCFYUO4lwhmz9OWhhIz8=..SHA1-Digest-Manifest: YwuPyF/KMcxcQhgxilzNybFM2+8=....# 7066809..SHA1-Digest-Manifest: dBKbNW1PZSjJ0lGcCeewcCrYx5g=..SHA1-Digest-Manifest: lTYCkD1wm5uDcp2G2PNPcADG/ds=..SHA1-Digest-Manifest: GKwQJtblDEuSVf3LdC1ojpUJRGg=....# 7186931..SHA1-Digest-Manifest: 0CUppG7J6IL8xHqPCnA377Koahw=..SHA1-Digest-Manifest: 3aJU1qSK6IYmt5MSh2IIIj5G1XE=..SHA1-Digest-Manifest: 8F4F0TXA4ureZbfEXWIFm76QGg4=..SHA1-Digest-Manifest: B1NaDg834Bgg+VE9Ca+tDZOd2BI=..SHA1-Digest-Manifest: bOoQga+XxC3j0HiP552+fYCdswo=..SHA1-Digest-Manifest: C4mtepHAyIKiAjjqOm6xYMo8TkM=..SHA1-Digest-Manifest: cDXEH+bR01R8QVxL+KFKYqFgsR0=..SHA1-Digest-Manifest: cO2ccW2cckTvpR0HVgQa362PyHI=..SHA1-Digest-Manifest: D/TyRle6Sl+CDuBFmdOPy03ERaw=..SHA1-Digest-Manifest: eJfWm86yHp2Oz5U8WrMKbpv6GGA=..SHA1-Digest-Manifest: g3mA5HqcRBlKa
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1273
                              Entropy (8bit):4.167014768533289
                              Encrypted:false
                              SSDEEP:24:NPwGDO0uFVW0mSDEYMZ9HWYZj4bJCC8lCEQqkvZq1n4v3CYe:NPrDJuF4oMyYZj4h8lCENq2+e
                              MD5:BBEBCF13680E71EC2EE562524DA02660
                              SHA1:C5C005C29A80493F5C31CD7EB629AC1B9C752404
                              SHA-256:1FBEA394E634630894CF72DE02DF1846F32F3BB2067B3CB596700E4DD923F4B5
                              SHA-512:B686236EEE055C97A96F5E31A2EE7CE57EED04C2175235CEB19F9F56ABFD22DB6FDCADE8C5D4BA7B656D69E923A1C5844C06DC959A4A915E215FB0ACE377B114
                              Malicious:false
                              Preview:Algorithm
                              Process:C:\Users\Public\123.exe
                              File Type:Java KeyStore
                              Category:dropped
                              Size (bytes):112860
                              Entropy (8bit):7.58405956263152
                              Encrypted:false
                              SSDEEP:1536:knYlyRHbLD1Syx011lYcdSmjbDKuaG8QlpzHok0SeHX:knYlyRHrq5dbeO9pLD0SiX
                              MD5:A2C167C8E0F275B234CB2C2E943781C7
                              SHA1:2A6B5FBC476EA3A5DDFB4BF1F6CDF0C4DA843BB1
                              SHA-256:A9263831583DFD58BC3584AA0B13E6CDE43403FB82093329B47BB65A8C701AFB
                              SHA-512:8A0C2240C603210AE963C6A126D19BF51659FDED2228503BBF2A2662CCB73B0F9E18C020C9E5E2F3449E2F4F0006D68FE15C8FD5D91DEE8A1A6B42A49183BEAA
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):2515
                              Entropy (8bit):4.490054643169131
                              Encrypted:false
                              SSDEEP:24:nWjF29ShnQUQH2Hvh4ic1mo6wv1PdOpGLSYLHoQLZQ/1rJ+fSA:n+4AQWxc1tgAFH
                              MD5:EC90FD04C2890584A16EB24664050C2A
                              SHA1:C7FE062EAC95909EC6A5EA93F42DDA5E023AD82C
                              SHA-256:CED51E3926E6B0CFEC8ECAB3B15D296FDCFAE4D32046224814AAAB5FD0FED9C0
                              SHA-512:8DA494925B3B5AAE69A30A8B5F9732E64EDBAE39C968229D112185E349C410A0F5D1B281A4E44718E0120E910820B15CA878B2ED1CF905DFC6595F1BA34B85D3
                              Malicious:false
                              Preview:..// Standard extensions get all permissions by default....grant codeBase "file:${{java.ext.dirs}}/*" {.. permission java.security.AllPermission;..};....// default permissions granted to all domains....grant {.. // Allows any thread to stop itself using the java.lang.Thread.stop().. // method that takes no argument... // Note that this permission is granted by default only to remain.. // backwards compatible... // It is strongly recommended that you either remove this permission.. // from this policy file or further restrict it to code sources.. // that you specify, because Thread.stop() is potentially unsafe... // See the API specification of java.lang.Thread.stop() for more.. // information... permission java.lang.RuntimePermission "stopThread";.... // allows anyone to listen on dynamic ports.. permission java.net.SocketPermission "localhost:0", "listen";.... // "standard" properies that
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):27033
                              Entropy (8bit):4.840685151784295
                              Encrypted:false
                              SSDEEP:768:rmLHAEcqrlANbwbqL1AdLAHaPw2kqUTWip+fzIz:rWQaYFqUTWip0kz
                              MD5:409C132FE4EA4ABE9E5EB5A48A385B61
                              SHA1:446D68298BE43EB657934552D656FA9AE240F2A2
                              SHA-256:4D9E5A12B8CAC8B36ECD88468B1C4018BC83C97EB467141901F90358D146A583
                              SHA-512:7FED286AC9AED03E2DAE24C3864EDBBF812B65965C7173CC56CE622179EB5F872F77116275E96E1D52D1C58D3CDEBE4E82B540B968E95D5DA656AA74AD17400D
                              Malicious:false
                              Preview:#..# This is the "master security properties file"...#..# An alternate java.security properties file may be specified..# from the command line via the system property..#..# -Djava.security.properties=<URL>..#..# This properties file appends to the master security properties file...# If both properties files specify values for the same key, the value..# from the command-line properties file is selected, as it is the last..# one loaded...#..# Also, if you specify..#..# -Djava.security.properties==<URL> (2 equals),..#..# then that properties file completely overrides the master security..# properties file...#..# To disable the ability to specify an additional properties file from..# the command line, set the key security.overridePropertiesFile..# to false in the master security properties file. It is set to true..# by default.....# In this file, various security properties are set for use by..# java.security classes. This is where users can statically register..# Cryptography Packag
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):103
                              Entropy (8bit):4.802539000066613
                              Encrypted:false
                              SSDEEP:3:RSjGIWgjM0ePFUNaXsIGNDAPVnyzowv:RS6c2PFUsXsIrRqoa
                              MD5:E0C4EF8B210C0DDFEE01126E1ACA4280
                              SHA1:F1CC674F447045D668454996D5C3C188884762CD
                              SHA-256:E5CD7F9FD43084674AA749BC8301F28DE85EEF6D01BD78828F72FA32377A3368
                              SHA-512:4820074F15520AD099193B27A673499C31544A7279279EFCB6131D53FE997438A96E1C5B386C233385004F7A2FBB775D4CDE3C0272A196B54C0D8EE6CCEF43DF
                              Malicious:false
                              Preview:..grant codeBase "file:${jnlpx.home}/javaws.jar" {.. permission java.security.AllPermission;..};....
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):3527
                              Entropy (8bit):7.521709350514316
                              Encrypted:false
                              SSDEEP:96:XWlvuYcIou1YgHqK3WwGjIEwtR88fH4VVKZ:sutuyOqKmw0QtRpH4VVKZ
                              MD5:57AAAA3176DC28FC554EF0906D01041A
                              SHA1:238B8826E110F58ACB2E1959773B0A577CD4D569
                              SHA-256:B8BECC3EF2E7FF7D2165DD1A4E13B9C59FD626F20A26AF9A32277C1F4B5D5BC7
                              SHA-512:8704B5E3665F28D1A0BC2A063F4BC07BA3C7CD8611E06C0D636A91D5EA55F63E85C6D2AD49E5D8ECE267D43CA3800B3CD09CF369841C94D30692EB715BB0098E
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1249
                              Entropy (8bit):4.735634480139973
                              Encrypted:false
                              SSDEEP:12:AJx/wzjJQO1YfK4pPq8Ul6GyGLCKDJ9w5lAu9aEVjEcGuc8X3A0LlmPOiMA0L9UV:w/61sppNUl6GbLCOMlmEOucA3e2s/WW
                              MD5:BB63293B1207CB8608C5FBE089A1B06D
                              SHA1:96A0FA723AF939C22AE25B164771319D82BC033B
                              SHA-256:633015AD63728DFE7A51BF26E55B766DD3E935F1FCCCFFA8054BF6E158EA89B2
                              SHA-512:0042DEBE4A77DA997A75A294A0C48D19AED258EEB3CD723FD305037DF11F0A5073A92CC54967B8B541E1AFC912F36481D0B0F68477B8156E52E15093722B7C32
                              Malicious:false
                              Preview:############################################################..# Sound Configuration File..############################################################..#..# This properties file is used to specify default service..# providers for javax.sound.midi.MidiSystem and..# javax.sound.sampled.AudioSystem...#..# The following keys are recognized by MidiSystem methods:..#..# javax.sound.midi.Receiver..# javax.sound.midi.Sequencer..# javax.sound.midi.Synthesizer..# javax.sound.midi.Transmitter..#..# The following keys are recognized by AudioSystem methods:..#..# javax.sound.sampled.Clip..# javax.sound.sampled.Port..# javax.sound.sampled.SourceDataLine..# javax.sound.sampled.TargetDataLine..#..# The values specify the full class name of the service..# provider, or the device name...#..# See the class descriptions for details...#..# Example 1:..# Use MyDeviceProvider as default for SourceDataLines:..# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider..#..# Example 2:..# Speci
                              Process:C:\Users\Public\123.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):103910
                              Entropy (8bit):7.113278604363908
                              Encrypted:false
                              SSDEEP:1536:OcQWmFKJzLl2g6kpE7tdTMBB/////t97Taz69rU4y/uqmol7s2gK:Oyh3F27/qGzkrfy/uqllQ2gK
                              MD5:5A7F416BD764E4A0C2DEB976B1D04B7B
                              SHA1:E12754541A58D7687DEDA517CDDA14B897FF4400
                              SHA-256:A636AFA5EDBA8AA0944836793537D9C5B5CA0091CCC3741FC0823EDAE8697C9D
                              SHA-512:3AB2AD86832B98F8E5E1CE1C1B3FFEFA3C3D00B592EB1858E4A10FFF88D1A74DA81AD24C7EC82615C398192F976A1C15358FCE9451AA0AF9E65FB566731D6D8F
                              Malicious:false
                              Preview:...TZDB....2016d.S..Africa/Abidjan..Africa/Accra..Africa/Addis_Ababa..Africa/Algiers..Africa/Asmara..Africa/Asmera..Africa/Bamako..Africa/Bangui..Africa/Banjul..Africa/Bissau..Africa/Blantyre..Africa/Brazzaville..Africa/Bujumbura..Africa/Cairo..Africa/Casablanca..Africa/Ceuta..Africa/Conakry..Africa/Dakar..Africa/Dar_es_Salaam..Africa/Djibouti..Africa/Douala..Africa/El_Aaiun..Africa/Freetown..Africa/Gaborone..Africa/Harare..Africa/Johannesburg..Africa/Juba..Africa/Kampala..Africa/Khartoum..Africa/Kigali..Africa/Kinshasa..Africa/Lagos..Africa/Libreville..Africa/Lome..Africa/Luanda..Africa/Lubumbashi..Africa/Lusaka..Africa/Malabo..Africa/Maputo..Africa/Maseru..Africa/Mbabane..Africa/Mogadishu..Africa/Monrovia..Africa/Nairobi..Africa/Ndjamena..Africa/Niamey..Africa/Nouakchott..Africa/Ouagadougou..Africa/Porto-Novo..Africa/Sao_Tome..Africa/Timbuktu..Africa/Tripoli..Africa/Tunis..Africa/Windhoek..America/Adak..America/Anchorage..America/Anguilla..America/Antigua..America/Araguaina..America/
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):8602
                              Entropy (8bit):5.204166069367786
                              Encrypted:false
                              SSDEEP:192:j1kfcymkDvxeMmKg5GQEK2TtllXinSV29OHPQT:hhymk/QGT7YT
                              MD5:B8DD8953B143685B5E91ABEB13FF24F0
                              SHA1:B5CEB39061FCE39BB9D7A0176049A6E2600C419C
                              SHA-256:3D49B3F2761C70F15057DA48ABE35A59B43D91FA4922BE137C0022851B1CA272
                              SHA-512:C9CD0EB1BA203C170F8196CBAB1AAA067BCC86F2E52D0BAF979AAD370EDF9F773E19F430777A5A1C66EFE1EC3046F9BC82165ACCE3E3D1B8AE5879BD92F09C90
                              Malicious:false
                              Preview:#..# This file describes mapping information between Windows and Java..# time zones...# Format: Each line should include a colon separated fields of Windows..# time zone registry key, time zone mapID, locale (which is most..# likely used in the time zone), and Java time zone ID. Blank lines..# and lines that start with '#' are ignored. Data lines must be sorted..# by mapID (ASCII order)...#..# NOTE..# This table format is not a public interface of any Java..# platforms. No applications should depend on this file in any form...#..# This table has been generated by a program and should not be edited..# manually...#..Romance:-1,64::Europe/Paris:..Romance Standard Time:-1,64::Europe/Paris:..Warsaw:-1,65::Europe/Warsaw:..Central Europe:-1,66::Europe/Prague:..Central Europe Standard Time:-1,66::Europe/Prague:..Prague Bratislava:-1,66::Europe/Prague:..W. Central Africa Standard Time:-1,66:AO:Africa/Luanda:..FLE:-1,67:FI:Europe/Helsinki:..FLE Standard Time:-1,67:FI:E
                              Process:C:\Users\Public\123.exe
                              File Type:ASCII text, with very long lines (427), with CRLF line terminators
                              Category:dropped
                              Size (bytes):533
                              Entropy (8bit):5.416086012521588
                              Encrypted:false
                              SSDEEP:12:GEKkc58IOlBVAQEjy2IM0oPP1RVtc8fFVKeiIdGIVIPJvq1RUbDcz:GEK7586QY/0oPtRb2TqySRUkz
                              MD5:A61B1E3FE507D37F0D2F3ADD5AC691E0
                              SHA1:8AE1050FF466B8F024EED5BC067B87784F19A848
                              SHA-256:F9E84B54CF0D8CB0645E0D89BF47ED74C88AF98AC5BF9CCF3ACCB1A824F7DC3A
                              SHA-512:3E88A839E44241AE642D0F9B7000D80BE7CF4BD003A9E2F9F04A4FEB61EC4877B2B4E76151503184F4B9978894BA1D0DE034DBC5F2E51C31B3ABB24F0EACF0C7
                              Malicious:false
                              Preview:JAVA_VERSION="1.8.0_101"..OS_NAME="Windows"..OS_VERSION="5.1"..OS_ARCH="i586"..SOURCE=" .:e983a19c6439 corba:2bb2aec4b3e5 deploy:2390a2618e98 hotspot:77df35b662ed hotspot/make/closed:40ee8a558775 hotspot/src/closed:710cffeb3c01 hotspot/test/closed:d6cfbcb20a1e install:68eb511e9151 jaxp:8ee36eca2124 jaxws:287f9e9d45cc jdk:827b2350d7f8 jdk/make/closed:53a5d48a69b0 jdk/src/closed:06c649fef4a8 jdk/test/closed:556c76f337b9 langtools:8dc8f71216bf nashorn:44e4e6cbe15b pubs:388b7b93b2c0 sponsors:1b72bbdb30d6"..BUILD_TYPE="commercial"..
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):247787
                              Entropy (8bit):7.915391305945515
                              Encrypted:false
                              SSDEEP:6144:p+30cnH7ihlQT+uRm0C/vL7cvRurEQ9oTo4/1pC:p+3VnYo+WkvsJuApo4/1k
                              MD5:F5AD16C7F0338B541978B0430D51DC83
                              SHA1:2EA49E08B876BBD33E0A7CE75C8F371D29E1F10A
                              SHA-256:7FBFFBC1DB3422E2101689FD88DF8384B15817B52B9B2B267B9F6D2511DC198D
                              SHA-512:82E6749F4A6956F5B8DD5A5596CA170A1B7FF4E551714B56A293E6B8C7B092CBEC2BEC9DC0D9503404DEB8F175CBB1DED2E856C6BC829411C8ED311C1861336A
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Java archive data (JAR)
                              Category:dropped
                              Size (bytes):811449
                              Entropy (8bit):7.9905835318504606
                              Encrypted:true
                              SSDEEP:24576:RasEsNDFHzOXXIGLWFW4b2n7YeWUhzNNcS:IsE49yHIwqqJL57
                              MD5:6C4D19D8414D8C39F8F5DDFA96B424C2
                              SHA1:0DB680855897FBC7464BE7E0063C592C414C658F
                              SHA-256:8A17ED8AF4ECAE38A4BBC0D00806A00E37C3AE52ADEBA66A1C40085EEC08366C
                              SHA-512:E300C8EE258AEB6F63DF29C0A2ADD82A9C19AFD0C3246931929703670E1C7E19DE8D64A6F32A7E10366BA18B3A72FE0465F2E77F07F89076BB15CE206A82BCD6
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):13202
                              Entropy (8bit):7.737712617961208
                              Encrypted:false
                              SSDEEP:192:LhR1Ygxt7I20RiT2dI03cIH8W6Bc4/kyOLZAy0ZH6AfkA8sFayhbD3D3KRe:1RNRI24AKBcW6BIyYreXf/iyhPD3KU
                              MD5:3E5E8CCCFF7FF343CBFE22588E569256
                              SHA1:66756DAA182672BFF27E453EED585325D8CC2A7A
                              SHA-256:0F26584763EF1C5EC07D1F310F0B6504BC17732F04E37F4EB101338803BE0DC4
                              SHA-512:8EA5F31E25C3C48EE21C51ABE9146EE2A270D603788EC47176C16ACAC15DAD608EEF4FA8CA0F34A1BBC6475C29E348BD62B0328E73D2E1071AAA745818867522
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                              Category:dropped
                              Size (bytes):231952
                              Entropy (8bit):7.8987047381149225
                              Encrypted:false
                              SSDEEP:3072:2DiL6hR+wm60gqZjJhqo2M04r7bv1XMrMxw1rl1rwj+Bmd6dYBmkW1eIjEmFdbl6:bq0jSi2Qi1B1Cay6dYBUwmPxLe3
                              MD5:5134A2350F58890FFB9DB0B40047195D
                              SHA1:751F548C85FA49F330CECBB1875893F971B33C4E
                              SHA-256:2D43EB5EA9E133D2EE2405CC14F5EE08951B8361302FDD93494A3A997B508D32
                              SHA-512:C3CDAF66A99E6336ABC80FF23374F6B62AC95AB2AE874C9075805E91D849B18E3F620CC202B4978FC92B73D98DE96089C8714B1DD096B2AE1958CFA085715F7A
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):106006
                              Entropy (8bit):7.823795646704166
                              Encrypted:false
                              SSDEEP:1536:CPj4aLCBcnn4xGrpR7H30x4VTNVNM43QHt0msLiWzO5SQJn4494m75CYl3U:ETCBmnoCptBNNVNzQ6e5SQW494mlZ2
                              MD5:0C8768CDEB3E894798F80465E0219C05
                              SHA1:C4DA07AC93E4E547748ECC26B633D3DB5B81CE47
                              SHA-256:15F36830124FC7389E312CF228B952024A8CE8601BF5C4DF806BC395D47DB669
                              SHA-512:35DB507A3918093B529547E991AB6C1643A96258FC95BA1EA7665FF762B0B8ABB1EF732B3854663A947EFFE505BE667BD2609FFCCCB6409A66DF605F971DA106
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):475905
                              Entropy (8bit):7.8713354167151675
                              Encrypted:false
                              SSDEEP:12288:pyfuv+DnikW2IfqFXKzNGNyyRmfD4vCgdiRST:pLWDnid2IfZGAyAfczdig
                              MD5:7E5E3D6D352025BD7F093C2D7F9B21AB
                              SHA1:AD9BFC2C3D70C574D34A752C5D0EBCC43A046C57
                              SHA-256:5B37E8FF2850A4CBB02F9F02391E9F07285B4E0667F7E4B2D4515B78E699735A
                              SHA-512:C19C29F8AD8B6BEB3EED40AB7DC343468A4CA75D49F1D0D4EA0B4A5CEE33F745893FBA764D35C8BD157F7842268E0716B1EB4B8B26DCF888FB3B3F4314844AAD
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):17374
                              Entropy (8bit):7.682654493549437
                              Encrypted:false
                              SSDEEP:384:Paj1PXNyyQwsCxm7VXh3il27I8pdo63XNrqlY3ylWn4iczt3Z:e1/BQwsCxIVXhuF8pKaXNdXn4icz9Z
                              MD5:B50E2C75F5F0E1094E997DE8A2A2D0CA
                              SHA1:D789EB689C091536EA6A01764BADA387841264CB
                              SHA-256:CF4068EBB5ECD47ADEC92AFBA943AEA4EB2FEE40871330D064B69770CCCB9E23
                              SHA-512:57D8AC613805EDADA6AEBA7B55417FD7D41C93913C56C4C2C1A8E8A28BBB7A05AADE6E02B70A798A078DC3C747967DA242C6922B342209874F3CAF7312670CB0
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):704689
                              Entropy (8bit):7.834558665203789
                              Encrypted:false
                              SSDEEP:12288:sSn9gd/GXLtKb+Ozu5idmEfcHOPJZ7bw1kXn0yZLJZsDDpJSWB5qSEhQ:sMw/GXUb+euCVIOxRQIZOnuK
                              MD5:6696368A09C7F8FED4EA92C4E5238CEE
                              SHA1:F89C282E557D1207AFD7158B82721C3D425736A7
                              SHA-256:C25D7A7B8F0715729BCCB817E345F0FDD668DD4799C8DAB1A4DB3D6A37E7E3E4
                              SHA-512:0AB24F07F956E3CDCD9D09C3AA4677FF60B70D7A48E7179A02E4FF9C0D2C7A1FC51624C3C8A5D892644E9F36F84F7AAF4AA6D2C9E1C291C88B3CFF7568D54F76
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):17135
                              Entropy (8bit):7.7352982443766
                              Encrypted:false
                              SSDEEP:384:fSw3uFslDvQGOoqdoUFKgvXj9jmHo5+FejOcEDffWPvy:KwJlrQGOdoUFKgvTmn6y
                              MD5:FDE38932B12FC063451AF6613D4470CC
                              SHA1:BC08C114681A3AFC05FB8C0470776C3EAE2EEFEB
                              SHA-256:9967EA3C3D1AEE8DB5A723F714FBA38D2FC26D8553435AB0E1D4E123CD211830
                              SHA-512:0F211F81101CED5FFF466F2AAB0E6C807BB18B23BC4928FE664C60653C99FA81B34EDF5835FCC3AFFB34B0DF1FA61C73A621DF41355E4D82131F94FCC0B0E839
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):1177648
                              Entropy (8bit):7.91949701328009
                              Encrypted:false
                              SSDEEP:24576:cP4MBZrpGi4exQ9qdXVd/F/3yy7mgviLzIM:czHMi4eKCd/BzaLcM
                              MD5:D5EF47C915BEF65A63D364F5CF7CD467
                              SHA1:F711F3846E144DDDBFB31597C0C165BA8ADF8D6B
                              SHA-256:9C287472408857301594F8F7BDA108457F6FDAE6E25C87EC88DBF3012E5A98B6
                              SHA-512:04AEB956BFCD3BD23B540F9AD2D4110BB2FFD25FE899152C4B2E782DAA23A676DF9507078ECF1BFC409DDFBE2858AB4C4C324F431E45D8234E13905EB192BAE8
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):20151
                              Entropy (8bit):7.765220504812666
                              Encrypted:false
                              SSDEEP:384:dti5BMxSo4LgAAsJilYcmwPbEM0Av7wGkJXbhS1OaVKD6U2:DqoCgqyIMZwRJLQO5eU2
                              MD5:0A79304556A1289AA9E6213F574F3B08
                              SHA1:7EE3BDE3B1777BF65D4F62CE33295556223A26CD
                              SHA-256:434E57FFFC7DF0B725C1D95CABAFDCDB83858CCB3E5E728A74D3CF33A0CA9C79
                              SHA-512:1560703D0C162D73C99CEF9E8DDC050362E45209CC8DEA6A34A49E2B6F99AAE462EAE27BA026BDB29433952B6696896BB96998A0F6AC0A3C1DBBB2F6EBC26A7E
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):97358
                              Entropy (8bit):7.9345189846943915
                              Encrypted:false
                              SSDEEP:1536:yZwgOueuKZ4THgWvLnhgmmJFgVn+nhEA1ODIrSrUricEDMrV+LAB:yZwgwuKmTDFgmmoVn+mAUhrUicRoAB
                              MD5:4BC2AEA7281E27BC91566377D0ED1897
                              SHA1:D02D897E8A8ACA58E3635C009A16D595A5649D44
                              SHA-256:4AEF566BBF3F0B56769A0C45275EBBF7894E9DDB54430C9DB2874124B7CEA288
                              SHA-512:DA35BB2F67BCA7527DC94E5A99A162180B2701DDCA2C688D9E0BE69876ACA7C48F192D0F03D431CCD2D8EEC55E0E681322B4F15EBA4DB29EF5557316E8E51E10
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):13213
                              Entropy (8bit):7.627776815487544
                              Encrypted:false
                              SSDEEP:192:yXmigootuYzXKKk6BL8UUJY0eP6nHY2AJ4qxivXRp2gFyjSonqKLRM7RbEZ:Km0WzX7k6eJB06HZYwRzFyj0uRM7RbEZ
                              MD5:20F6F88989E806D23C29686B090F6190
                              SHA1:1FDB9A66BB5CA587C05D3159829A8780BB66C87D
                              SHA-256:9D5F06D539B91E98FD277FC01FD2F9AF6FEA58654E3B91098503B235A83ABB16
                              SHA-512:2798BB1DD0AA121CD766BD5B47D256B1A528E9DB83ED61311FA685F669B7F60898118AE8C69D2A30D746AF362B810B133103CBE426E0293DD2111ACA1B41CCEA
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                              Category:dropped
                              Size (bytes):41203
                              Entropy (8bit):7.855219741633254
                              Encrypted:false
                              SSDEEP:768:CkwPhOR4PpSvw6vob5IJ9eoYUx7eBr9HDhzCZ+8ylnm1fjiUNcS5cXeK/7DaeR7g:CRPhOR4B0reWJYURuHN4ylnaeSI4
                              MD5:CAAFE376AFB7086DCBEE79F780394CA3
                              SHA1:DA76CA59F6A57EE3102F8F9BD9CEE742973EFA8A
                              SHA-256:18C4A0095D5C1DA6B817592E767BB23D29DD2F560AD74DF75FF3961DBDE25B79
                              SHA-512:5DD6271FD5B34579D8E66271BAB75C89BACA8B2EBEAA9966DE391284BD08F2D720083C6E0E1EDDA106ECF8A04E9A32116DE6873F0F88C19C049C0FE27E5D820B
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                              Category:dropped
                              Size (bytes):15257
                              Entropy (8bit):7.804568217256536
                              Encrypted:false
                              SSDEEP:192:wyBOIrDL/vJ0RWNML2NyWKr362ByOikGnqO5Vyb3Uab+UtJIdgihtqSXs:wyBnxxMLg7KrqU7Gnqrb3lhtuF/qS8
                              MD5:722BB90689AECC523E3FE317E1F0984B
                              SHA1:8DACF9514F0C707CBBCDD6FD699E8940D42FB54E
                              SHA-256:0966E86FFFA5BE52D3D9E7B89DD674D98A03EED0A454FBAF7C1BD9493BD9D874
                              SHA-512:D5EFFBFA105BCD615E56EF983075C9EF0F52BCFDBEFA3CE8CEA9550F25B859E48B32F2EC9AA7A305C6611A3BE5E0CDE0D269588D9C2897CA987359B77213331D
                              Malicious:false
                              Process:C:\Users\Public\123.exe
                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                              Category:dropped
                              Size (bytes):105007
                              Entropy (8bit):7.8886535210991395
                              Encrypted:false
                              SSDEEP:1536:Dxpeuv7xOoWmvqcQurq8vGDTRAi5yRdPPl/CJqM9ggS3OIrBTH6x0:Fguv7cfmJrUOiYRbXMbS3Ooox0
                              MD5:0FD8BC4F0F2E37FEB1EFC474D037AF55
                              SHA1:ADD8FFACE4C1936787EB4BFFE4EA944A13467D53
                              SHA-256:1E31EF3145D1E30B31107B7AFC4A61011EBCA99550DCE65F945C2EA4CCAC714B
                              SHA-512:29DE5832DB5B43FDC99BB7EA32A7359441D6CF5C05561DD0A6960B33078471E4740EE08FFBD97A5CED4B7DD9CC98FAD6ADD43EDB4418BF719F90F83C58188149
                              Malicious:false
                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                              Entropy (8bit):7.999514492216182
                              TrID:
                              • Win64 Executable GUI (202006/5) 92.65%
                              • Win64 Executable (generic) (12005/4) 5.51%
                              • Generic Win/DOS Executable (2004/3) 0.92%
                              • DOS Executable Generic (2002/1) 0.92%
                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                              File name:123.sfx.exe
                              File size:50'480'444 bytes
                              MD5:b38dfb77e2bf795ee75f3e20f493d493
                              SHA1:fb1259948701297f235557764b7448cc7f34828b
                              SHA256:3bf7cf40c4a493fc826fca2c74adcf4858423089dd94ba5a8352e00aa8987028
                              SHA512:cd1d6bf8388c98b0d881d5df1f074e8e6f361eefa7ee5af9a1ee3bb25e23062171ab9e6fbde56afca545f575601d8b16bd779e9972eef945c5470628c84e048f
                              SSDEEP:1572864:N+lgusZA3phJr0hwNCIapBqZxu4swBixuir5On:N+lPdX0CHapBIw2ixuC5On
                              TLSH:DDB7335BF2C04FADDABEA4385D47DB65E2FBB42D0717C0AF3240B55A5B2325A3869301
                              Icon Hash:1515d4d4442f2d2d
                              Entrypoint:0x140032ee0
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x140000000
                              Subsystem:windows gui
                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                              Time Stamp:0x66409723 [Sun May 12 10:17:07 2024 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:5
                              OS Version Minor:2
                              File Version Major:5
                              File Version Minor:2
                              Subsystem Version Major:5
                              Subsystem Version Minor:2
                              Import Hash:b1c5b1beabd90d9fdabd1df0779ea832
                              Programming Language:
                              • [ C ] VS2008 SP1 build 30729
                              • [IMP] VS2008 SP1 build 30729
                              Name | Virtual Address | Virtual Size | Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x597a0 | 0x34 | .rdata
                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x597d4 | 0x50 | .rdata
                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x70000 | 0xe3bc | .rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x6a000 | 0x306c | .pdata
                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7f000 | 0x970 | .reloc
                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x536c0 | 0x54 | .rdata
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_TLS | 0x53780 | 0x28 | .rdata
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4b3f0 | 0x140 | .rdata
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_IAT | 0x48000 | 0x508 | .rdata
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x588bc | 0x120 | .rdata
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                              .text | 0x1000 | 0x4676e | 0x46800 | f06bb06e02377ae8b223122e53be35c2 | False | 0.5372340425531915 | data | 6.47079645411382 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .rdata | 0x48000 | 0x128c4 | 0x12a00 | 2de06d4a6920a6911e64ff20000ea72f | False | 0.4499003775167785 | data | 5.273999097784603 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .data | 0x5b000 | 0xe75c | 0x1a00 | 0dbdb901a7d477980097e42e511a94fb | False | 0.28275240384615385 | data | 3.2571023907881185 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                              .pdata | 0x6a000 | 0x306c | 0x3200 | b0ce0f057741ad2a4ef4717079fa34e9 | False | 0.483359375 | data | 5.501810413666288 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .didat | 0x6e000 | 0x360 | 0x400 | 1fcc7b1d7a02443319f8fcc2be4ca936 | False | 0.2578125 | data | 3.0459938492946015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                              _RDATA | 0x6f000 | 0x15c | 0x200 | 3f331ec50f09ba861beaf955b33712d5 | False | 0.408203125 | data | 3.3356393424384843 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .rsrc | 0x70000 | 0xe3bc | 0xe400 | 1b279dad3e3d77fcdfb269a130bf474b | False | 0.6334121436403509 | data | 6.778407783727912 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .reloc | 0x7f000 | 0x970 | 0xa00 | 77a9ddfc47a5650d6eebbcc823e39532 | False | 0.52421875 | data | 5.336289720085303 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                              PNG | 0x70674 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced |  |  | 1.0027729636048528
                              PNG | 0x711bc | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced |  |  | 0.9363390441839495
                              RT_ICON | 0x72768 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors |  |  | 0.47832369942196534
                              RT_ICON | 0x72cd0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors |  |  | 0.5410649819494585
                              RT_ICON | 0x73578 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors |  |  | 0.4933368869936034
                              RT_ICON | 0x74420 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m |  |  | 0.5390070921985816
                              RT_ICON | 0x74888 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m |  |  | 0.41393058161350843
                              RT_ICON | 0x75930 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m |  |  | 0.3479253112033195
                              RT_ICON | 0x77ed8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9809269502193401
                              RT_DIALOG | 0x7bc4c | 0x2ba | data |  |  | 0.5286532951289399
                              RT_DIALOG | 0x7bf08 | 0x13a | data |  |  | 0.6560509554140127
                              RT_DIALOG | 0x7c044 | 0xf2 | data |  |  | 0.71900826446281
                              RT_DIALOG | 0x7c138 | 0x14a | data |  |  | 0.6
                              RT_DIALOG | 0x7c284 | 0x314 | data |  |  | 0.47588832487309646
                              RT_DIALOG | 0x7c598 | 0x24a | data |  |  | 0.6279863481228669
                              RT_STRING | 0x7c7e4 | 0x1fc | data |  |  | 0.421259842519685
                              RT_STRING | 0x7c9e0 | 0x246 | data |  |  | 0.41924398625429554
                              RT_STRING | 0x7cc28 | 0x1a6 | data |  |  | 0.514218009478673
                              RT_STRING | 0x7cdd0 | 0xdc | data |  |  | 0.65
                              RT_STRING | 0x7ceac | 0x470 | data |  |  | 0.3873239436619718
                              RT_STRING | 0x7d31c | 0x164 | data |  |  | 0.5056179775280899
                              RT_STRING | 0x7d480 | 0x110 | data |  |  | 0.5772058823529411
                              RT_STRING | 0x7d590 | 0x158 | data |  |  | 0.4563953488372093
                              RT_STRING | 0x7d6e8 | 0xe8 | data |  |  | 0.5948275862068966
                              RT_STRING | 0x7d7d0 | 0x1c6 | data |  |  | 0.5242290748898678
                              RT_STRING | 0x7d998 | 0x268 | data |  |  | 0.4837662337662338
                              RT_GROUP_ICON | 0x7dc00 | 0x68 | data |  |  | 0.7019230769230769
                              RT_MANIFEST | 0x7dc68 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators |  |  | 0.3957333333333333
                              DLL | Import
                              KERNEL32.dll | LocalFree, GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetModuleFileNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExpandEnvironmentStringsW, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, GlobalMemoryStatusEx, LoadResource, SizeofResource, GetTimeFormatW, GetDateFormatW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileA, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, WaitForSingleObjectEx, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, GetStringTypeW, HeapReAlloc, LCMapStringW, FindFirstFileExA
                              OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
                              gdiplus.dll | GdipCloneImage, GdipFree, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipAlloc
                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                              Sep 18, 2024 18:27:21.204427958 CEST | 192.168.2.5 | 1.1.1.1 | 0xccc | Standard query (0) | pastebin.com | A (IP address) | IN (0x0001) | false
                              Sep 18, 2024 18:27:21.821960926 CEST | 192.168.2.5 | 1.1.1.1 | 0x212f | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                              Sep 18, 2024 18:27:35.407743931 CEST | 192.168.2.5 | 1.1.1.1 | 0xe820 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                              Sep 18, 2024 18:27:36.873608112 CEST | 192.168.2.5 | 1.1.1.1 | 0xf0d | Standard query (0) | 15.164.165.52.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                              Sep 18, 2024 18:27:21.211338997 CEST | 1.1.1.1 | 192.168.2.5 | 0xccc | No error (0) | pastebin.com |  | 104.20.3.235 | A (IP address) | IN (0x0001) | false
                              Sep 18, 2024 18:27:21.211338997 CEST | 1.1.1.1 | 192.168.2.5 | 0xccc | No error (0) | pastebin.com |  | 172.67.19.24 | A (IP address) | IN (0x0001) | false
                              Sep 18, 2024 18:27:21.211338997 CEST | 1.1.1.1 | 192.168.2.5 | 0xccc | No error (0) | pastebin.com |  | 104.20.4.235 | A (IP address) | IN (0x0001) | false
                              Sep 18, 2024 18:27:21.831228971 CEST | 1.1.1.1 | 192.168.2.5 | 0x212f | No error (0) | google.com |  | 142.250.185.238 | A (IP address) | IN (0x0001) | false
                              Sep 18, 2024 18:27:35.414832115 CEST | 1.1.1.1 | 192.168.2.5 | 0xe820 | No error (0) | google.com |  | 142.250.185.142 | A (IP address) | IN (0x0001) | false
                              Sep 18, 2024 18:27:36.881218910 CEST | 1.1.1.1 | 192.168.2.5 | 0xf0d | Name error (3) | 15.164.165.52.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false


                              Target ID:0
                              Start time:12:27:03
                              Start date:18/09/2024
                              Path:C:\Users\user\Desktop\123.sfx.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Users\user\Desktop\123.sfx.exe"
                              Imagebase:0x7ff704a80000
                              File size:50'480'444 bytes
                              MD5 hash:B38DFB77E2BF795EE75F3E20F493D493
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:2
                              Start time:12:27:09
                              Start date:18/09/2024
                              Path:C:\Windows\System32\cmd.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Windows\System32\cmd.exe" /c C:\users\public\123.exe
                              Imagebase:0x7ff711900000
                              File size:289'792 bytes
                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:3
                              Start time:12:27:09
                              Start date:18/09/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff6d64d0000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:4
                              Start time:12:27:10
                              Start date:18/09/2024
                              Path:C:\Users\Public\123.exe
                              Wow64 process (32bit):true
                              Commandline:C:\users\public\123.exe
                              Imagebase:0x400000
                              File size:161'739'843 bytes
                              MD5 hash:8A5D3B7370D1B880AD305C1691CDBE77
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Antivirus matches:
                              • Detection: 0%, ReversingLabs
                              Reputation:low
                              Has exited:true

                              Target ID:5
                              Start time:12:27:17
                              Start date:18/09/2024
                              Path:C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
                              Imagebase:0x20000
                              File size:191'552 bytes
                              MD5 hash:48C96771106DBDD5D42BBA3772E4B414
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Antivirus matches:
                              • Detection: 0%, ReversingLabs
                              Reputation:moderate
                              Has exited:true

                              Target ID:7
                              Start time:12:27:21
                              Start date:18/09/2024
                              Path:C:\Windows\SysWOW64\netsh.exe
                              Wow64 process (32bit):true
                              Commandline:netsh advfirewall set domainprofile state off
                              Imagebase:0x1080000
                              File size:82'432 bytes
                              MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:8
                              Start time:12:27:21
                              Start date:18/09/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff6d64d0000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                                Execution Graph

                                Execution Coverage:12.4%
                                Dynamic/Decrypted Code Coverage:0%
                                Signature Coverage:26.4%
                                Total number of Nodes:2000
                                Total number of Limit Nodes:26
7ff704a96300 26756->26757 26762 7ff704a9638d 26756->26762 26758 7ff704a813a4 33 API calls 26757->26758 26759 7ff704a9631b GetCurrentDirectoryW 26758->26759 26760 7ff704a96341 26759->26760 26761 7ff704a820b0 33 API calls 26760->26761 26763 7ff704a9634f 26761->26763 26762->26149 26763->26762 26764 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 26763->26764 26765 7ff704a963a9 26764->26765 26767 7ff704a8252a SetWindowTextW 26766->26767 26768 7ff704a82527 26766->26768 26769 7ff704aee2e0 26767->26769 26768->26767 26770->26157 26773 7ff704a812d0 26771->26773 26778 7ff704a8139b 26771->26778 26775 7ff704a81338 26773->26775 26776 7ff704a81396 26773->26776 26780 7ff704a812de BuildCatchObjectHelperInternal 26773->26780 26779 7ff704ab21d0 33 API calls 26775->26779 26775->26780 26777 7ff704a81f80 Concurrency::cancel_current_task 33 API calls 26776->26777 26777->26778 28388 7ff704a82004 33 API calls std::_Xinvalid_argument 26778->28388 26779->26780 26780->26194 26781->26222 26783 7ff704a932bc 51 API calls 26782->26783 26784 7ff704a932b1 26783->26784 26784->26234 26784->26258 26785->26234 26787 7ff704a813a4 33 API calls 26786->26787 26788 7ff704a96489 26787->26788 26789 7ff704a9648c GetModuleFileNameW 26788->26789 26792 7ff704a964dc 26788->26792 26790 7ff704a964a7 26789->26790 26791 7ff704a964de 26789->26791 26790->26788 26791->26792 26793 7ff704a8129c 33 API calls 26792->26793 26795 7ff704a96506 26793->26795 26794 7ff704a9653e 26794->26300 26795->26794 26796 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 26795->26796 26797 7ff704a96560 26796->26797 26798->26316 26800 7ff704a820f6 26799->26800 26802 7ff704a820cb BuildCatchObjectHelperInternal 26799->26802 28389 7ff704a81474 33 API calls 3 library calls 26800->28389 26802->26336 26803->26348 26804->26359 26805->26366 26806->26372 26807->26381 26809 7ff704ab3620 26808->26809 26809->26385 26810->26298 26812 7ff704a81177 26811->26812 26813 7ff704a82034 33 API calls 26812->26813 26814 7ff704a81185 
BuildCatchObjectHelperInternal 26813->26814 26814->26314 26816 7ff704a82085 26815->26816 26818 7ff704a82059 BuildCatchObjectHelperInternal 26815->26818 28390 7ff704a815b8 26816->28390 26818->26288 26819->26342 26820->26406 26821->26431 26822->26446 26823->26458 26849 7ff704a93e28 26824->26849 26827 7ff704aa0f68 WideCharToMultiByte 26831 7ff704a9a519 26827->26831 26828 7ff704a9a589 26853 7ff704a99408 26828->26853 26831->26828 26842 7ff704a99800 31 API calls 26831->26842 26847 7ff704a9a56a SetDlgItemTextW 26831->26847 26832 7ff704a9a6f2 GetSystemMetrics GetWindow 26834 7ff704a9a821 26832->26834 26835 7ff704a9a71d 26832->26835 26833 7ff704a9a603 26836 7ff704a9a6c2 26833->26836 26837 7ff704a9a60c GetWindowLongPtrW 26833->26837 26839 7ff704ab2320 _handle_error 8 API calls 26834->26839 26835->26834 26846 7ff704a9a73e GetWindowRect 26835->26846 26848 7ff704a9a800 GetWindow 26835->26848 26868 7ff704a995a8 26836->26868 26840 7ff704aee2c0 26837->26840 26843 7ff704a9a830 26839->26843 26844 7ff704a9a6aa GetWindowRect 26840->26844 26842->26831 26843->26471 26844->26836 26845 7ff704a9a6e5 SetWindowTextW 26845->26832 26846->26835 26847->26831 26848->26834 26848->26835 26850 7ff704a93e4d _snwprintf 26849->26850 26851 7ff704ab9ef0 swprintf 46 API calls 26850->26851 26852 7ff704a93e69 26851->26852 26852->26827 26854 7ff704a995a8 47 API calls 26853->26854 26856 7ff704a9944f 26854->26856 26855 7ff704ab2320 _handle_error 8 API calls 26857 7ff704a9958e GetWindowRect GetClientRect 26855->26857 26858 7ff704a8129c 33 API calls 26856->26858 26866 7ff704a9955a 26856->26866 26857->26832 26857->26833 26859 7ff704a9949c 26858->26859 26860 7ff704a995a1 26859->26860 26861 7ff704a8129c 33 API calls 26859->26861 26862 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 26860->26862 26864 7ff704a99514 26861->26864 26863 7ff704a995a7 26862->26863 26865 7ff704a9959c 26864->26865 26864->26866 26867 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 26865->26867 26866->26855 
26867->26860 26869 7ff704a93e28 swprintf 46 API calls 26868->26869 26870 7ff704a995eb 26869->26870 26871 7ff704aa0f68 WideCharToMultiByte 26870->26871 26872 7ff704a99603 26871->26872 26873 7ff704a99800 31 API calls 26872->26873 26874 7ff704a9961b 26873->26874 26875 7ff704ab2320 _handle_error 8 API calls 26874->26875 26876 7ff704a9962b 26875->26876 26876->26832 26876->26845 26889 7ff704a813a4 26877->26889 26880 7ff704a82494 26881 7ff704a8129c 33 API calls 26880->26881 26882 7ff704a824a2 26881->26882 26883 7ff704a824dd 26882->26883 26885 7ff704a82505 26882->26885 26884 7ff704ab2320 _handle_error 8 API calls 26883->26884 26886 7ff704a824f3 26884->26886 26887 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 26885->26887 26886->26480 26888 7ff704a8250a 26887->26888 26890 7ff704a813ad 26889->26890 26891 7ff704a8142d GetWindowTextW 26889->26891 26892 7ff704a813ce 26890->26892 26893 7ff704a8143d 26890->26893 26891->26880 26896 7ff704a813db memcpy_s 26892->26896 26897 7ff704ab21d0 33 API calls 26892->26897 26900 7ff704a82018 33 API calls std::_Xinvalid_argument 26893->26900 26899 7ff704a8197c 31 API calls _invalid_parameter_noinfo_noreturn 26896->26899 26897->26896 26899->26891 26902->26505 26904 7ff704aaae80 GetDlgItem 26903->26904 26905 7ff704aaae3c GetMessageW 26903->26905 26904->26516 26904->26517 26906 7ff704aaae6a TranslateMessage DispatchMessageW 26905->26906 26907 7ff704aaae5b IsDialogMessageW 26905->26907 26906->26904 26907->26904 26907->26906 26910 7ff704a936b3 26908->26910 26909 7ff704a936e0 26928 7ff704a932bc 26909->26928 26910->26909 26911 7ff704a936cc CreateDirectoryW 26910->26911 26911->26909 26913 7ff704a9377d 26911->26913 26915 7ff704a9378d 26913->26915 27015 7ff704a93d34 26913->27015 26919 7ff704ab2320 _handle_error 8 API calls 26915->26919 26916 7ff704a93791 GetLastError 26916->26915 26921 7ff704a937b9 26919->26921 26921->26535 26922 7ff704a93720 CreateDirectoryW 26923 7ff704a9373b 26922->26923 26924 7ff704a93774 26923->26924 26925 
7ff704a937ce 26923->26925 26924->26913 26924->26916 26926 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 26925->26926 26927 7ff704a937d3 26926->26927 26929 7ff704a932e4 26928->26929 26930 7ff704a932e7 GetFileAttributesW 26928->26930 26929->26930 26931 7ff704a932f8 26930->26931 26939 7ff704a93375 26930->26939 26933 7ff704a96a0c 49 API calls 26931->26933 26932 7ff704ab2320 _handle_error 8 API calls 26934 7ff704a93389 26932->26934 26935 7ff704a9331f 26933->26935 26934->26916 26942 7ff704a96a0c 26934->26942 26936 7ff704a93323 GetFileAttributesW 26935->26936 26937 7ff704a9333c 26935->26937 26936->26937 26938 7ff704a93399 26937->26938 26937->26939 26940 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 26938->26940 26939->26932 26941 7ff704a9339e 26940->26941 26943 7ff704a96a4b 26942->26943 26963 7ff704a96a44 26942->26963 26946 7ff704a8129c 33 API calls 26943->26946 26944 7ff704ab2320 _handle_error 8 API calls 26945 7ff704a9371c 26944->26945 26945->26922 26945->26923 26947 7ff704a96a76 26946->26947 26948 7ff704a96a96 26947->26948 26949 7ff704a96cc7 26947->26949 26951 7ff704a96ab0 26948->26951 26977 7ff704a96b49 26948->26977 26950 7ff704a962dc 35 API calls 26949->26950 26955 7ff704a96ce6 26950->26955 26952 7ff704a970ab 26951->26952 26958 7ff704a8c098 33 API calls 26951->26958 27054 7ff704a82004 33 API calls std::_Xinvalid_argument 26952->27054 26954 7ff704a96eef 26965 7ff704a8c098 33 API calls 26954->26965 26998 7ff704a970cf 26954->26998 26955->26954 26956 7ff704a96d1b 26955->26956 26961 7ff704a96b44 26955->26961 26959 7ff704a970bd 26956->26959 27029 7ff704a8c098 26956->27029 26957 7ff704a970b1 26968 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 26957->26968 26964 7ff704a96b03 26958->26964 27055 7ff704a82004 33 API calls std::_Xinvalid_argument 26959->27055 26960 7ff704a970d5 26969 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 26960->26969 26961->26957 26961->26960 26961->26963 26970 7ff704a970a6 26961->26970 
26963->26944 26978 7ff704a81fa0 31 API calls 26964->26978 26983 7ff704a96b15 BuildCatchObjectHelperInternal 26964->26983 26971 7ff704a96f56 26965->26971 26975 7ff704a970b7 26968->26975 26976 7ff704a970db 26969->26976 26974 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 26970->26974 27052 7ff704a811cc 33 API calls BuildCatchObjectHelperInternal 26971->27052 26972 7ff704a970c3 26986 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 26972->26986 26973 7ff704a81fa0 31 API calls 26973->26961 26974->26952 26987 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 26975->26987 26989 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 26976->26989 26977->26961 26982 7ff704a8129c 33 API calls 26977->26982 26978->26983 26980 7ff704a96f69 27053 7ff704a957ac 33 API calls BuildCatchObjectHelperInternal 26980->27053 26981 7ff704a96d76 BuildCatchObjectHelperInternal 26981->26972 26988 7ff704a81fa0 31 API calls 26981->26988 26984 7ff704a96bbe 26982->26984 26983->26973 27037 7ff704a95820 33 API calls 26984->27037 26993 7ff704a970c9 26986->26993 26987->26959 27001 7ff704a96df5 26988->27001 26990 7ff704a970e1 26989->26990 26992 7ff704a96bd3 27038 7ff704a8e164 33 API calls 2 library calls 26992->27038 27056 7ff704a8704c 47 API calls BuildCatchObjectHelperInternal 26993->27056 26995 7ff704a96f79 BuildCatchObjectHelperInternal 26995->26976 26997 7ff704a81fa0 31 API calls 26995->26997 26999 7ff704a96fec 26997->26999 27057 7ff704a82004 33 API calls std::_Xinvalid_argument 26998->27057 27002 7ff704a81fa0 31 API calls 26999->27002 27000 7ff704a96e21 27000->26993 27008 7ff704a8129c 33 API calls 27000->27008 27001->27000 27039 7ff704a81744 27001->27039 27003 7ff704a96ff6 27002->27003 27007 7ff704a81fa0 31 API calls 27003->27007 27005 7ff704a81fa0 31 API calls 27006 7ff704a96c6d 27005->27006 27010 7ff704a81fa0 31 API calls 27006->27010 27007->26961 27011 7ff704a96ec2 27008->27011 27009 7ff704a96be9 BuildCatchObjectHelperInternal 27009->26975 
27009->27005 27010->26961 27012 7ff704a82034 33 API calls 27011->27012 27013 7ff704a96edf 27012->27013 27014 7ff704a81fa0 31 API calls 27013->27014 27014->26961 27016 7ff704a93d5b 27015->27016 27017 7ff704a93d5e SetFileAttributesW 27015->27017 27016->27017 27018 7ff704a93d74 27017->27018 27019 7ff704a93df5 27017->27019 27021 7ff704a96a0c 49 API calls 27018->27021 27020 7ff704ab2320 _handle_error 8 API calls 27019->27020 27022 7ff704a93e0a 27020->27022 27023 7ff704a93d99 27021->27023 27022->26915 27024 7ff704a93dbc 27023->27024 27025 7ff704a93d9d SetFileAttributesW 27023->27025 27024->27019 27026 7ff704a93e1a 27024->27026 27025->27024 27027 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27026->27027 27028 7ff704a93e1f 27027->27028 27030 7ff704a8c0e5 27029->27030 27036 7ff704a8c0fa BuildCatchObjectHelperInternal 27029->27036 27031 7ff704a8c1a5 27030->27031 27032 7ff704a8c12c 27030->27032 27030->27036 27033 7ff704a81f80 Concurrency::cancel_current_task 33 API calls 27031->27033 27035 7ff704ab21d0 33 API calls 27032->27035 27032->27036 27034 7ff704a8c1aa 27033->27034 27035->27036 27036->26981 27037->26992 27038->27009 27043 7ff704a81784 27039->27043 27051 7ff704a818a1 27039->27051 27041 7ff704a817ac BuildCatchObjectHelperInternal 27049 7ff704a81859 BuildCatchObjectHelperInternal 27041->27049 27050 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27041->27050 27042 7ff704a818a7 27044 7ff704a81f80 Concurrency::cancel_current_task 33 API calls 27042->27044 27043->27041 27043->27042 27047 7ff704ab21d0 33 API calls 27043->27047 27045 7ff704a818ad 27044->27045 27059 7ff704ab354c 31 API calls __std_exception_copy 27045->27059 27047->27041 27048 7ff704a818d9 27048->27000 27049->27000 27050->27051 27058 7ff704a82004 33 API calls std::_Xinvalid_argument 27051->27058 27052->26980 27053->26995 27056->26998 27059->27048 27061 7ff704a8713b 27060->27061 27062 7ff704a87206 27060->27062 27067 7ff704a8714b BuildCatchObjectHelperInternal 27061->27067 27069 
7ff704a83f48 33 API calls 2 library calls 27061->27069 27070 7ff704a8704c 47 API calls BuildCatchObjectHelperInternal 27062->27070 27064 7ff704a8720b 27066 7ff704a87273 27064->27066 27071 7ff704a8889c 8 API calls BuildCatchObjectHelperInternal 27064->27071 27066->26551 27067->26551 27069->27067 27070->27064 27071->27064 27073 7ff704a920ea 27072->27073 27076 7ff704a92102 27072->27076 27075 7ff704a920f6 CloseHandle 27073->27075 27073->27076 27074 7ff704a92126 27074->26570 27075->27076 27076->27074 27078 7ff704a8b544 99 API calls 27076->27078 27078->27074 27080 7ff704aaaa2f 27079->27080 27081 7ff704aaaa36 27079->27081 27080->26607 27081->27080 27082 7ff704a81744 33 API calls 27081->27082 27082->27081 27083->26607 27085 7ff704aaa47f 27084->27085 27106 7ff704aaa706 27084->27106 27215 7ff704aacdf8 33 API calls 27085->27215 27087 7ff704ab2320 _handle_error 8 API calls 27089 7ff704aaa717 27087->27089 27088 7ff704aaa49e 27090 7ff704a8129c 33 API calls 27088->27090 27089->26651 27091 7ff704aaa4de 27090->27091 27092 7ff704a8129c 33 API calls 27091->27092 27093 7ff704aaa517 27092->27093 27094 7ff704a8129c 33 API calls 27093->27094 27095 7ff704aaa54a 27094->27095 27216 7ff704aaa834 33 API calls _invalid_parameter_noinfo_noreturn 27095->27216 27097 7ff704aaa734 27098 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27097->27098 27099 7ff704aaa73a 27098->27099 27102 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27099->27102 27100 7ff704aaa740 27103 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27100->27103 27101 7ff704aaa573 27101->27097 27101->27099 27101->27100 27104 7ff704a820b0 33 API calls 27101->27104 27105 7ff704aaa685 27101->27105 27102->27100 27107 7ff704aaa746 27103->27107 27104->27105 27105->27106 27105->27107 27108 7ff704aaa72f 27105->27108 27106->27087 27109 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27107->27109 27111 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27108->27111 27110 
7ff704aaa74c 27109->27110 27112 7ff704a8255c 61 API calls 27110->27112 27111->27097 27113 7ff704aaa795 27112->27113 27114 7ff704aaa7b1 27113->27114 27115 7ff704aaa801 SetDlgItemTextW 27113->27115 27119 7ff704aaa7a1 27113->27119 27116 7ff704ab2320 _handle_error 8 API calls 27114->27116 27115->27114 27117 7ff704aaa827 27116->27117 27117->26651 27118 7ff704aaa7ad 27118->27114 27120 7ff704aaa7b7 EndDialog 27118->27120 27119->27114 27119->27118 27217 7ff704a9bb00 102 API calls 27119->27217 27120->27114 27127 7ff704aaf529 memcpy_s 27122->27127 27140 7ff704aaf87d 27122->27140 27123 7ff704a81fa0 31 API calls 27124 7ff704aaf89c 27123->27124 27125 7ff704ab2320 _handle_error 8 API calls 27124->27125 27126 7ff704aaf8a8 27125->27126 27126->26663 27128 7ff704aaf684 27127->27128 27218 7ff704aa13c4 CompareStringW 27127->27218 27130 7ff704a8129c 33 API calls 27128->27130 27131 7ff704aaf6c0 27130->27131 27132 7ff704a932a8 51 API calls 27131->27132 27133 7ff704aaf6ca 27132->27133 27134 7ff704a81fa0 31 API calls 27133->27134 27137 7ff704aaf6d5 27134->27137 27135 7ff704aaf742 ShellExecuteExW 27136 7ff704aaf846 27135->27136 27142 7ff704aaf755 27135->27142 27136->27140 27144 7ff704aaf8fb 27136->27144 27137->27135 27139 7ff704a8129c 33 API calls 27137->27139 27138 7ff704aaf78e 27220 7ff704aafe24 PeekMessageW GetMessageW TranslateMessage DispatchMessageW WaitForSingleObject 27138->27220 27143 7ff704aaf717 27139->27143 27140->27123 27141 7ff704aaf7e3 CloseHandle 27147 7ff704aaf7f2 27141->27147 27148 7ff704aaf801 27141->27148 27142->27138 27142->27141 27149 7ff704aaf781 ShowWindow 27142->27149 27219 7ff704a95b60 53 API calls 2 library calls 27143->27219 27146 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27144->27146 27152 7ff704aaf900 27146->27152 27221 7ff704aa13c4 CompareStringW 27147->27221 27148->27136 27156 7ff704aaf837 ShowWindow 27148->27156 27149->27138 27151 7ff704aaf725 27155 7ff704a81fa0 31 API calls 27151->27155 27154 7ff704aaf7a6 27154->27141 27158 7ff704aaf7b4 
GetExitCodeProcess 27154->27158 27157 7ff704aaf72f 27155->27157 27156->27136 27157->27135 27158->27141 27159 7ff704aaf7c7 27158->27159 27159->27141 27160->26607 27161->26607 27162->26607 27163->26607 27164->26607 27165->26607 27166->26607 27167->26607 27168->26607 27169->26607 27171 7ff704a972ea 27170->27171 27222 7ff704a8b3a8 27171->27222 27175 7ff704a931e4 27174->27175 27176 7ff704a931e7 DeleteFileW 27174->27176 27175->27176 27177 7ff704a931fd 27176->27177 27184 7ff704a9327c 27176->27184 27179 7ff704a96a0c 49 API calls 27177->27179 27178 7ff704ab2320 _handle_error 8 API calls 27180 7ff704a93291 27178->27180 27181 7ff704a93222 27179->27181 27180->26607 27182 7ff704a93226 DeleteFileW 27181->27182 27183 7ff704a93243 27181->27183 27182->27183 27183->27184 27185 7ff704a932a1 27183->27185 27184->27178 27186 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27185->27186 27187 7ff704a932a6 27186->27187 27189->26607 27190->26607 27191->26607 27192->26607 27194 7ff704a97e0c 27193->27194 27195 7ff704a97e23 27194->27195 27196 7ff704a97e55 27194->27196 27198 7ff704a8129c 33 API calls 27195->27198 27226 7ff704a8704c 47 API calls BuildCatchObjectHelperInternal 27196->27226 27200 7ff704a97e47 27198->27200 27199 7ff704a97e5a 27200->26607 27201->26607 27202->26607 27204 7ff704a9d25e 27203->27204 27205 7ff704a9d292 27204->27205 27206 7ff704a81744 33 API calls 27204->27206 27205->26714 27206->27204 27207->26614 27209->26580 27210->26583 27211->26586 27212->26641 27215->27088 27216->27101 27217->27118 27218->27128 27219->27151 27220->27154 27221->27148 27225 7ff704a8b3f2 memcpy_s 27222->27225 27223 7ff704ab2320 _handle_error 8 API calls 27224 7ff704a8b4b6 27223->27224 27224->26607 27225->27223 27226->27199 27283 7ff704a986ec 27227->27283 27229 7ff704a8e3c4 27293 7ff704a8e600 27229->27293 27231 7ff704a8e454 27232 7ff704a8e4d4 27231->27232 27233 7ff704a8e549 27231->27233 27234 7ff704ab21d0 33 API calls 27232->27234 27235 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API 
calls 27233->27235 27236 7ff704a8e4f0 27234->27236 27243 7ff704a8e54e 27235->27243 27299 7ff704aa3148 102 API calls 27236->27299 27238 7ff704a8e51d 27239 7ff704ab2320 _handle_error 8 API calls 27238->27239 27240 7ff704a8e52d 27239->27240 27240->26729 27241 7ff704a918c2 27242 7ff704a9190d 27241->27242 27245 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27241->27245 27242->26729 27243->27241 27243->27242 27244 7ff704a81fa0 31 API calls 27243->27244 27244->27243 27246 7ff704a9193b 27245->27246 27248 7ff704a8e7ea 27247->27248 27249 7ff704a8e864 27248->27249 27251 7ff704a8e8a1 27248->27251 27315 7ff704a93ec8 27248->27315 27249->27251 27252 7ff704a8e993 27249->27252 27259 7ff704a8e900 27251->27259 27322 7ff704a8f578 27251->27322 27253 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27252->27253 27256 7ff704a8e998 27253->27256 27254 7ff704a8e955 27255 7ff704ab2320 _handle_error 8 API calls 27254->27255 27258 7ff704a8e97e 27255->27258 27261 7ff704a8e578 27258->27261 27259->27254 27358 7ff704a828a4 82 API calls 2 library calls 27259->27358 28360 7ff704a915d8 27261->28360 27264 7ff704a8e59e 27266 7ff704a81fa0 31 API calls 27264->27266 27265 7ff704aa1870 108 API calls 27265->27264 27267 7ff704a8e5b7 27266->27267 27268 7ff704a81fa0 31 API calls 27267->27268 27269 7ff704a8e5c3 27268->27269 27270 7ff704a81fa0 31 API calls 27269->27270 27271 7ff704a8e5cf 27270->27271 27272 7ff704a9878c 108 API calls 27271->27272 27273 7ff704a8e5db 27272->27273 27274 7ff704a81fa0 31 API calls 27273->27274 27275 7ff704a8e5e4 27274->27275 27276 7ff704a81fa0 31 API calls 27275->27276 27277 7ff704a8e5ed 27276->27277 27278 7ff704a9190d 27277->27278 27279 7ff704a918c2 27277->27279 27280 7ff704a81fa0 31 API calls 27277->27280 27278->26733 27279->27278 27281 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27279->27281 27280->27277 27282 7ff704a9193b 27281->27282 27284 7ff704a9870a 27283->27284 27285 7ff704ab21d0 33 API calls 27284->27285 27286 7ff704a9872f 
27285->27286 27287 7ff704a98743 27286->27287 27300 7ff704a89f1c 27286->27300 27289 7ff704ab21d0 33 API calls 27287->27289 27290 7ff704a98759 27289->27290 27291 7ff704a9876b 27290->27291 27292 7ff704a89f1c 33 API calls 27290->27292 27291->27229 27292->27291 27294 7ff704a8e627 27293->27294 27296 7ff704a8e62c BuildCatchObjectHelperInternal 27293->27296 27295 7ff704a81fa0 31 API calls 27294->27295 27295->27296 27297 7ff704a81fa0 31 API calls 27296->27297 27298 7ff704a8e668 BuildCatchObjectHelperInternal 27296->27298 27297->27298 27298->27231 27299->27238 27305 7ff704ab24a0 27300->27305 27303 7ff704ab24a0 33 API calls 27304 7ff704a89f75 memcpy_s 27303->27304 27304->27287 27307 7ff704ab24d1 27305->27307 27306 7ff704a89f4a 27306->27303 27307->27306 27309 7ff704a89fb0 27307->27309 27312 7ff704a9b788 27309->27312 27311 7ff704a89fc2 27311->27307 27313 7ff704a813a4 33 API calls 27312->27313 27314 7ff704a9b7ad 27313->27314 27314->27311 27316 7ff704a972cc 8 API calls 27315->27316 27317 7ff704a93ee1 27316->27317 27318 7ff704a93f0f 27317->27318 27359 7ff704a940bc 27317->27359 27318->27248 27321 7ff704a93efa FindClose 27321->27318 27323 7ff704a8f598 _snwprintf 27322->27323 27398 7ff704a82950 27323->27398 27326 7ff704a8f5cc 27331 7ff704a8f5fc 27326->27331 27415 7ff704a833e4 27326->27415 27329 7ff704a8f5f8 27329->27331 27447 7ff704a83ad8 27329->27447 27668 7ff704a82c54 27331->27668 27337 7ff704a8f7cb 27457 7ff704a8f8a4 27337->27457 27338 7ff704a88d04 33 API calls 27340 7ff704a8f662 27338->27340 27688 7ff704a97918 48 API calls 2 library calls 27340->27688 27342 7ff704a8f677 27343 7ff704a93ec8 55 API calls 27342->27343 27350 7ff704a8f6ad 27343->27350 27345 7ff704a8f842 27345->27331 27478 7ff704a869f8 27345->27478 27489 7ff704a8f930 27345->27489 27351 7ff704a8f89a 27350->27351 27352 7ff704a8f74d 27350->27352 27353 7ff704a93ec8 55 API calls 27350->27353 27689 7ff704a97918 48 API calls 2 library calls 27350->27689 27354 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 
27351->27354 27352->27337 27352->27351 27355 7ff704a8f895 27352->27355 27353->27350 27357 7ff704a8f8a0 27354->27357 27356 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27355->27356 27356->27351 27358->27254 27360 7ff704a941d2 FindNextFileW 27359->27360 27361 7ff704a940f9 FindFirstFileW 27359->27361 27363 7ff704a941e1 GetLastError 27360->27363 27364 7ff704a941f3 27360->27364 27361->27364 27365 7ff704a9411e 27361->27365 27383 7ff704a941c0 27363->27383 27368 7ff704a820b0 33 API calls 27364->27368 27370 7ff704a94211 27364->27370 27366 7ff704a96a0c 49 API calls 27365->27366 27367 7ff704a94144 27366->27367 27371 7ff704a94167 27367->27371 27372 7ff704a94148 FindFirstFileW 27367->27372 27368->27370 27369 7ff704ab2320 _handle_error 8 API calls 27373 7ff704a93ef4 27369->27373 27374 7ff704a8129c 33 API calls 27370->27374 27371->27364 27376 7ff704a941af GetLastError 27371->27376 27379 7ff704a94314 27371->27379 27372->27371 27373->27318 27373->27321 27375 7ff704a9423b 27374->27375 27385 7ff704a98090 27375->27385 27376->27383 27380 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27379->27380 27381 7ff704a9431a 27380->27381 27382 7ff704a9430f 27384 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27382->27384 27383->27369 27384->27379 27386 7ff704a980a5 27385->27386 27389 7ff704a98188 27386->27389 27388 7ff704a94249 27388->27382 27388->27383 27390 7ff704a98326 27389->27390 27393 7ff704a981ba 27389->27393 27397 7ff704a8704c 47 API calls BuildCatchObjectHelperInternal 27390->27397 27392 7ff704a9832b 27395 7ff704a981d4 BuildCatchObjectHelperInternal 27393->27395 27396 7ff704a958a4 33 API calls 2 library calls 27393->27396 27395->27388 27396->27395 27397->27392 27399 7ff704a8296c 27398->27399 27400 7ff704a89f1c 33 API calls 27399->27400 27401 7ff704a82980 27400->27401 27402 7ff704a986ec 33 API calls 27401->27402 27403 7ff704a8298d 27402->27403 27404 7ff704a82ac2 27403->27404 27405 7ff704ab21d0 33 API calls 27403->27405 27697 7ff704a94d04 
27404->27697 27406 7ff704a82ab0 27405->27406 27406->27404 27690 7ff704a891c8 27406->27690 27410 7ff704a92ca8 27726 7ff704a924c0 27410->27726 27412 7ff704a92cc5 27412->27326 27745 7ff704a928d0 27415->27745 27416 7ff704a83431 memcpy_s 27425 7ff704a8344e 27416->27425 27427 7ff704a83601 27416->27427 27750 7ff704a92bb0 27416->27750 27417 7ff704a83674 27764 7ff704a828a4 82 API calls 2 library calls 27417->27764 27419 7ff704a869f8 132 API calls 27421 7ff704a83682 27419->27421 27421->27419 27422 7ff704a8370c 27421->27422 27421->27427 27439 7ff704a92aa0 101 API calls 27421->27439 27422->27427 27428 7ff704a83740 27422->27428 27765 7ff704a828a4 82 API calls 2 library calls 27422->27765 27424 7ff704a835cb 27424->27425 27426 7ff704a835d7 27424->27426 27425->27417 27425->27421 27426->27427 27430 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27426->27430 27427->27329 27428->27427 27429 7ff704a8384d 27428->27429 27438 7ff704a92bb0 101 API calls 27428->27438 27429->27427 27432 7ff704a820b0 33 API calls 27429->27432 27433 7ff704a83891 27430->27433 27431 7ff704a834eb 27431->27424 27759 7ff704a92aa0 27431->27759 27432->27427 27433->27329 27434 7ff704a869f8 132 API calls 27436 7ff704a8378e 27434->27436 27436->27434 27437 7ff704a83803 27436->27437 27441 7ff704a92aa0 101 API calls 27436->27441 27445 7ff704a92aa0 101 API calls 27437->27445 27438->27436 27439->27421 27440 7ff704a928d0 104 API calls 27440->27424 27441->27436 27445->27429 27446 7ff704a928d0 104 API calls 27446->27431 27448 7ff704a83b55 27447->27448 27449 7ff704a83af9 27447->27449 27450 7ff704ab2320 _handle_error 8 API calls 27448->27450 27777 7ff704a83378 27449->27777 27452 7ff704a83b67 27450->27452 27452->27337 27452->27338 27454 7ff704a83b6c 27455 7ff704ab7904 _invalid_parameter_noinfo_noreturn 31 API calls 27454->27455 27456 7ff704a83b71 27455->27456 28009 7ff704a9886c 27457->28009 27459 7ff704a8f8ba 28013 7ff704a9ef60 GetSystemTime SystemTimeToFileTime 27459->28013 27462 7ff704aa0994 27463 7ff704ab0340 
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                • Associated: 00000000.00000002.2123328572.00007FF704A80000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123415808.00007FF704AC8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704ADB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704AE4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEA000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff704a80000_123.jbxd
                                Similarity
                                • API ID: Item$Message$_invalid_parameter_noinfo_noreturn$Send$DialogText$File$ErrorLast$CloseFindFocusLoadStringViewWindow$CommandConcurrency::cancel_current_taskCountCreateDispatchEnableExecuteFirstHandleLineMappingParamShellSleepTickTranslateUnmap
                                • String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxmappingfile.tmp
                                • API String ID: 255727823-2702805183
                                • Opcode ID: 6f53b02eb7464d83d42a93208eec5b4be614a98b9f353964e001bbae5b26f983
                                • Instruction ID: 26d351f88a6495b9efe540dbc0f8b3ef233b7190ccbc24c22af1006904f8f62f
                                • Opcode Fuzzy Hash: 6f53b02eb7464d83d42a93208eec5b4be614a98b9f353964e001bbae5b26f983
                                • Instruction Fuzzy Hash: 61D2C5A2A0868241FA20FF27ECC4AF9E351EF85794FE04136DA5D066A6DF3CE554C760
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                • Associated: 00000000.00000002.2123328572.00007FF704A80000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123415808.00007FF704AC8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704ADB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704AE4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEA000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff704a80000_123.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$FileMessageMoveSend$DialogItemPathTemp
                                • String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
                                • API String ID: 3007431893-3916287355
                                Similarity
                                • API ID: File$EnvironmentHandleVariableView$_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDeleteDirectoryModuleObjectProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
                                • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                • API String ID: 1048086575-3710569615
                                Similarity
                                • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWideswprintf
                                • String ID: $%s:$CAPTION
                                • API String ID: 2100155373-404845831
                                Similarity
                                • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                • String ID: PNG
                                • API String ID: 211097158-364855578
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: __tmp_reference_source_
                                • API String ID: 3668304517-685763994
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: CMT
                                • API String ID: 3668304517-2756464174
                                Similarity
                                • API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
                                • String ID:
                                • API String ID: 474548282-0
                                Similarity
                                • API ID:
                                • String ID: CMT
                                • API String ID: 0-2756464174
                                Similarity
                                • API ID: Create$CriticalEventInitializeSectionSemaphore
                                • String ID:
                                • API String ID: 3340455307-0
                                • Opcode ID: f6454b2c1b1e68d014e1640965d37ec1740da2d9ebd20a94f833f325a54cd594
                                • Instruction ID: 5fad0a3b62d1c6e4c979bfec4433a92723de5c630c02c9bc0230ec4a0c2520ac
                                • Opcode Fuzzy Hash: f6454b2c1b1e68d014e1640965d37ec1740da2d9ebd20a94f833f325a54cd594
                                • Instruction Fuzzy Hash: CA411962B1965686FB64EF13AD90B6AA252FFC8784FA44034DE0D07B95CF3CE8438754

                                Control-flow Graph

                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
                                • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                • API String ID: 1496594111-2013832382
                                • Opcode ID: f7f2a11762ce96c0b678dc2ee5f4093b28e28463b6618f01c06ebafbf4af03a3
                                • Instruction ID: 9917d3ac34fa113e956cfda3e76397c36241e3ef8a4f978a85a1c919f013f49b
                                • Opcode Fuzzy Hash: f7f2a11762ce96c0b678dc2ee5f4093b28e28463b6618f01c06ebafbf4af03a3
                                • Instruction Fuzzy Hash: 5D3231B1A09B8195EB61AF62EC809EAB3A8FF44354FE00136DA4D077A5EF3CD655C350
                                APIs
                                  • Part of subcall function 00007FF704A98E58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF704A98F8D
                                • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF704A99F75
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF704A9A42F
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF704A9A435
                                  • Part of subcall function 00007FF704AA0BBC: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF704AA0B44), ref: 00007FF704AA0BE9
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
                                • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                • API String ID: 3629253777-3268106645
                                • Opcode ID: f8d2576f2d3b58c8de45b6f33364cb60e7b4664a3fbb63d368bfc9699b226bdf
                                • Instruction ID: 39af13f69fce6782998cfc593e05c981d82b346858703904652de5cb920f472c
                                • Opcode Fuzzy Hash: f8d2576f2d3b58c8de45b6f33364cb60e7b4664a3fbb63d368bfc9699b226bdf
                                • Instruction Fuzzy Hash: 1362AEA2A1968295EB10EF26DCC4ABEA365FF40784FE04136DA4D47795EF3CE944C360

                                Control-flow Graph

                                • API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
                                • String ID: H
                                • API String ID: 3432403771-2852464175
                                • Opcode ID: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                • Instruction ID: 78512ea54d84dae8065f739093a9b2ff31970f4f27629f7e694a5b56631e45e7
                                • Opcode Fuzzy Hash: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                • Instruction Fuzzy Hash: 3F916EB2A05B5186EB50EF66DC90AA8B3B0FF08B94FA44539CE0D17745EF38E445C360

                                Control-flow Graph

                                • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_invalid_parameter_noinfo_noreturn
                                • String ID: .exe$.inf$Install$p
                                • API String ID: 1054546013-3607691742
                                • Opcode ID: f5c8b309920baf1e38cfe499d4066692b9784065f97d1b9ba7782783299fb154
                                • Instruction ID: e0ed9c64c54df8e145fddb430064d8eb1083130e2052d0dbe173274fd799e13d
                                • Opcode Fuzzy Hash: f5c8b309920baf1e38cfe499d4066692b9784065f97d1b9ba7782783299fb154
                                • Instruction Fuzzy Hash: 51C193A2F0860299FA54EF27DDC0A79A371AF88784FA44035DA4D477A5DF3CE46183A4

                                Control-flow Graph

                                • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                • String ID:
                                • API String ID: 3569833718-0
                                • Opcode ID: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
                                • Instruction ID: 857680ef488964ddead4326770d841c1653b1d2709ad2fcc88e8a0475d1d120e
                                • Opcode Fuzzy Hash: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
                                • Instruction Fuzzy Hash: 9141C0A2B1464286F710AF63EC54FAA6360EF85B8CFA40135DD1E07B95CF3DE4458768

                                Control-flow Graph

                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                • String ID: DXGIDebug.dll$UNC$\\?\
                                • API String ID: 4097890229-4048004291
                                • Opcode ID: 578fd2387317544cd648c907e913c9b970bf7a6567f04bf42065129e2c891f4e
                                • Instruction ID: 7e5c5bd7ca0935a1f5b9393320e1dd1822152fb9da53500700e1491d0ca8755e
                                • Opcode Fuzzy Hash: 578fd2387317544cd648c907e913c9b970bf7a6567f04bf42065129e2c891f4e
                                • Instruction Fuzzy Hash: 4E12A2A2B18A4284EB10EF66DC845BDA371EF81B98FA04135DA5D07BE9DF3CD945C360
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                • Opcode ID: 2cdda2d44f2f3f9bb0a3e7cdc727b5379f904c783244e4c9adda47cb215496cb
                                • Instruction ID: eb50d2ab116f5ea522145c7d84b9ec7f22104eb5a8770213016ca560a3838a93
                                • Opcode Fuzzy Hash: 2cdda2d44f2f3f9bb0a3e7cdc727b5379f904c783244e4c9adda47cb215496cb
                                • Instruction Fuzzy Hash: B612C5A2F1874284EB10EF66D8846BDA371EF45798FA0023AEA5C17AD6DF3CD585C350

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 3949 7ff704a924c0-7ff704a924fb 3950 7ff704a92506 3949->3950 3951 7ff704a924fd-7ff704a92504 3949->3951 3952 7ff704a92509-7ff704a92578 3950->3952 3951->3950 3951->3952 3953 7ff704a9257a 3952->3953 3954 7ff704a9257d-7ff704a925a8 CreateFileW 3952->3954 3953->3954 3955 7ff704a92688-7ff704a9268d 3954->3955 3956 7ff704a925ae-7ff704a925de GetLastError call 7ff704a96a0c 3954->3956 3957 7ff704a92693-7ff704a92697 3955->3957 3965 7ff704a925e0-7ff704a9262a CreateFileW GetLastError 3956->3965 3966 7ff704a9262c 3956->3966 3959 7ff704a926a5-7ff704a926a9 3957->3959 3960 7ff704a92699-7ff704a9269c 3957->3960 3963 7ff704a926cf-7ff704a926e3 3959->3963 3964 7ff704a926ab-7ff704a926af 3959->3964 3960->3959 3962 7ff704a9269e 3960->3962 3962->3959 3968 7ff704a926e5-7ff704a926f0 3963->3968 3969 7ff704a9270c-7ff704a92735 call 7ff704ab2320 3963->3969 3964->3963 3967 7ff704a926b1-7ff704a926c9 SetFileTime 3964->3967 3970 7ff704a92632-7ff704a9263a 3965->3970 3966->3970 3967->3963 3972 7ff704a926f2-7ff704a926fa 3968->3972 3973 7ff704a92708 3968->3973 3974 7ff704a92673-7ff704a92686 3970->3974 3975 7ff704a9263c-7ff704a92653 3970->3975 3979 7ff704a926ff-7ff704a92703 call 7ff704a820b0 3972->3979 3980 7ff704a926fc 3972->3980 3973->3969 3974->3957 3976 7ff704a92655-7ff704a92668 3975->3976 3977 7ff704a9266e call 7ff704ab220c 3975->3977 3976->3977 3982 7ff704a92736-7ff704a9273b call 7ff704ab7904 3976->3982 3977->3974 3979->3973 3980->3979
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                • Associated: 00000000.00000002.2123328572.00007FF704A80000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123415808.00007FF704AC8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704ADB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704AE4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEA000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff704a80000_123.jbxd
                                Similarity
                                • API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3536497005-0

                                Control-flow Graph

                                APIs
                                Strings
                                Similarity
                                • API ID: Global$Resource$Object$AllocBitmapCreateDeleteGdipLoadLock$FindFreeFromSizeofStreamUnlock
                                • String ID: ]
                                • API String ID: 3561356813-3352871620

                                Control-flow Graph

                                APIs
                                Similarity
                                • API ID: Message$DialogDispatchPeekTranslate
                                • String ID:
                                • API String ID: 1266772231-0

                                Control-flow Graph

                                APIs
                                Strings
                                Similarity
                                • API ID: AutoClassCompareCompleteFindNameStringWindow
                                • String ID: EDIT
                                • API String ID: 4243998846-3080729518

                                Control-flow Graph

                                • Graph not reproduced; API calls at its nodes: GetStdHandle, WriteFile
                                APIs
                                Similarity
                                • API ID: FileWrite$Handle
                                • String ID:
                                • API String ID: 4209713984-0
                                APIs
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$TextWindow
                                • String ID:
                                • API String ID: 2912839123-0
                                APIs
                                Similarity
                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                • String ID:
                                • API String ID: 1452418845-0
                                APIs
                                Similarity
                                • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 2359106489-0
                                APIs
                                Similarity
                                • API ID: ErrorLast$FileHandleRead
                                • String ID:
                                • API String ID: 2244327787-0
                                APIs
                                  • Part of subcall function 00007FF704A9ECD8: ResetEvent.KERNEL32 ref: 00007FF704A9ECF1
                                  • Part of subcall function 00007FF704A9ECD8: ReleaseSemaphore.KERNEL32 ref: 00007FF704A9ED07
                                • ReleaseSemaphore.KERNEL32 ref: 00007FF704A9E974
                                • CloseHandle.KERNELBASE ref: 00007FF704A9E993
                                • DeleteCriticalSection.KERNEL32 ref: 00007FF704A9E9AA
                                • CloseHandle.KERNEL32 ref: 00007FF704A9E9B7
                                  • Part of subcall function 00007FF704A9EA5C: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF704A9E95F,?,?,?,00007FF704A9463A,?,?,?), ref: 00007FF704A9EA63
                                  • Part of subcall function 00007FF704A9EA5C: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF704A9E95F,?,?,?,00007FF704A9463A,?,?,?), ref: 00007FF704A9EA6E
                                Similarity
                                • API ID: CloseHandleReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                • String ID:
                                • API String ID: 502429940-0
                                APIs
                                Strings
                                Similarity
                                • API ID: Thread$CreatePriority
                                • String ID: CreateThread failed
                                • API String ID: 2610526550-3849766595
                                APIs
                                Strings
                                Similarity
                                • API ID: DirectoryInitializeMallocSystem
                                • String ID: riched20.dll
                                • API String ID: 174490985-3360196438
                                APIs
                                  • Part of subcall function 00007FF704AA853C: GlobalMemoryStatusEx.KERNEL32 ref: 00007FF704AA856C
                                  • Part of subcall function 00007FF704A9AAE0: LoadStringW.USER32 ref: 00007FF704A9AB67
                                  • Part of subcall function 00007FF704A9AAE0: LoadStringW.USER32 ref: 00007FF704A9AB80
                                  • Part of subcall function 00007FF704A81FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF704A81FFB
                                  • Part of subcall function 00007FF704A8129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF704A81396
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF704AB01BB
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF704AB01C1
                                • SendDlgItemMessageW.USER32 ref: 00007FF704AB01F2
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$LoadString$Concurrency::cancel_current_taskGlobalItemMemoryMessageSendStatus
                                • String ID:
                                • API String ID: 3106221260-0
                                APIs
                                Similarity
                                • API ID: Concurrency::cancel_current_task__std_exception_copy_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 2371198981-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: CreateFile$_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 2272807158-0
                                • Opcode ID: c0a24921bb432fc979f0151b166e22e2d4d2ab91ccee52ff8beeeb5fa3cca71f
                                • Instruction ID: 6bcc2f24523baf7a4f8ea6528bb757c568a0883fb35870e32beca4391602f57f
                                • Opcode Fuzzy Hash: c0a24921bb432fc979f0151b166e22e2d4d2ab91ccee52ff8beeeb5fa3cca71f
                                • Instruction Fuzzy Hash: 1C41C5B360478192EB14AF16EC84B69A3A0FF847B4F604B35DBAD07AD5CF3CD8908610
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 2176759853-0
                                • Opcode ID: 41410b057bf1bfc832f9111b5635005432e9644e209f963b7c0d07f0c95fee55
                                • Instruction ID: 95da0aa8491356022e9b2bb854f47c763717c9a3c121d78e18528540645f2342
                                • Opcode Fuzzy Hash: 41410b057bf1bfc832f9111b5635005432e9644e209f963b7c0d07f0c95fee55
                                • Instruction Fuzzy Hash: 1D21A4B3A18B8181EA10AF66A88057AB364FF89BD0F644235EBDD03B95DF3CD141C740
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: std::bad_alloc::bad_alloc
                                • String ID:
                                • API String ID: 1875163511-0
                                • Opcode ID: 5d5f35b7d0b1a8ec44982466ed86c266d3277025963138b758b7e20b27780546
                                • Instruction ID: f9c96fa8b546b0a801cec22c94e30e37d09fc3079b509e17b9affee593e42f27
                                • Opcode Fuzzy Hash: 5d5f35b7d0b1a8ec44982466ed86c266d3277025963138b758b7e20b27780546
                                • Instruction Fuzzy Hash: C83196A3A0C68651FB24BF16EC847B9E3A0FF54B84FA44431D24C06AAADF7CD965C351
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 1203560049-0
                                • Opcode ID: a1f7dc1dbaba3642fc9690cddce522cfa30acb7a6fd15afbd6a0ae69969149b0
                                • Instruction ID: 15cd0bdf8dd5ceaa76833aff25c9f6ce7b901a4636ede6e4f3dba143c0f2b72b
                                • Opcode Fuzzy Hash: a1f7dc1dbaba3642fc9690cddce522cfa30acb7a6fd15afbd6a0ae69969149b0
                                • Instruction Fuzzy Hash: 6321D862A1868141FE20AF26ECD566DA360FF88794FA44230EE9D47695DF2CD540C710
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3118131910-0
                                • Opcode ID: 69d2c27007a20e930861445e234d5951a1cf09c7b93575dd70fe51422861bc3e
                                • Instruction ID: 2d50d5c4f7703cbd5e01547ac2e4dacedb69c3b4b983d11b5c184cdbe24fe70b
                                • Opcode Fuzzy Hash: 69d2c27007a20e930861445e234d5951a1cf09c7b93575dd70fe51422861bc3e
                                • Instruction Fuzzy Hash: 3A21CDA2A1878181EE10AF26FC8466EA370FF98B94FA01235EE9E47795DF3CD540C750
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 1203560049-0
                                • Opcode ID: 07782a0afab47d92a22bff3076416a7edfcd43da74ab10a948eda14518e6746e
                                • Instruction ID: 6bab4e027af26489a6f6583c3e0b3a2c3da1dce18ffd463bb27df626ded83ee4
                                • Opcode Fuzzy Hash: 07782a0afab47d92a22bff3076416a7edfcd43da74ab10a948eda14518e6746e
                                • Instruction Fuzzy Hash: C32177A2A1878181EE10AF2AEC8456AA371FFC97A4FA00231EA9D47BD5DF3CD540C750
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: Process$CurrentExitTerminate
                                • String ID:
                                • API String ID: 1703294689-0
                                • Opcode ID: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
                                • Instruction ID: e6a884f0cc1fa280dd3fa0686eb8159aa323966d80fe7ac5824e3720f1f47d91
                                • Opcode Fuzzy Hash: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
                                • Instruction Fuzzy Hash: 9EE01AA4A043058AEAA47F329CD5B79A3526F88B42F60543CD84A02397CF3DE40986B0
                                APIs
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF704A8F895
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF704A8F89B
                                  • Part of subcall function 00007FF704A93EC8: FindClose.KERNELBASE(?,?,00000000,00007FF704AA0811), ref: 00007FF704A93EFD
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                • String ID:
                                • API String ID: 3587649625-0
                                • Opcode ID: ff05a0ad3b9c4f4235e1478b2c69edca0b6840efc482a2fd304b53339564797e
                                • Instruction ID: 44ef4e9f33fe97da83371949a8e7060e0d185799e10245bfface205589c9fc88
                                • Opcode Fuzzy Hash: ff05a0ad3b9c4f4235e1478b2c69edca0b6840efc482a2fd304b53339564797e
                                • Instruction Fuzzy Hash: F591B3B3B1868294EB10EF26DC846ADA361FF84798FE04139EA4C07AD9DF78D545C350
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                • Opcode ID: e528197958c249f96fae0a8177de4e8d77b9f71d72b6948629aa37281091aefa
                                • Instruction ID: 0b1d3a3851047db3b14a73672b25c6e18cf72a9f8fa714190a308f528187a733
                                • Opcode Fuzzy Hash: e528197958c249f96fae0a8177de4e8d77b9f71d72b6948629aa37281091aefa
                                • Instruction Fuzzy Hash: 2441B3A2F1565184FF00EFB2D890AFDA320EF44B98FA45139DE1D27ADADF7994428350
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 73155330-0
                                • Opcode ID: b9a010b26f48187301c14e27f7b591ab3f639a50221d778f31cdfa0ab4da68dc
                                • Instruction ID: ac0bc4819ead6d46947810b1b79122777fae2bef49970ebfbf3df5d1e960a351
                                • Opcode Fuzzy Hash: b9a010b26f48187301c14e27f7b591ab3f639a50221d778f31cdfa0ab4da68dc
                                • Instruction Fuzzy Hash: 9141B2B2B0464691EE10AF17A984ABAE351EF04BE0FE80635DE6D47BD6DF7CD4428350
                                APIs
                                • SetFilePointer.KERNELBASE(00000000,00000002,?,00000F99,?,00007FF704A9274D), ref: 00007FF704A928A9
                                • GetLastError.KERNEL32(?,00007FF704A9274D), ref: 00007FF704A928B8
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: ErrorFileLastPointer
                                • String ID:
                                • API String ID: 2976181284-0
                                • Opcode ID: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                • Instruction ID: 13c92782b5c965fcaf5acfb71033240d81138244229b9eef3561d82da7f8c4cc
                                • Opcode Fuzzy Hash: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                • Instruction Fuzzy Hash: E431D4A3B19A5692EE606F2BDDC0BB8A350AF04BD4FA44571DE1D17790DF3CE8418360
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: Item_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 1746051919-0
                                • Opcode ID: 8d40ccc84b580f33f3dafee36447434fcdf79cb76bf08fc935a239d44bb79c76
                                • Instruction ID: 5e90b9e092228152830701994eba104bd6edb71b66ea9d5b5b2081198d11ea3a
                                • Opcode Fuzzy Hash: 8d40ccc84b580f33f3dafee36447434fcdf79cb76bf08fc935a239d44bb79c76
                                • Instruction Fuzzy Hash: 6431A3B2A1874541EA20AF16E8957BAF360EF84790FA44235EA9C07B96DF3CE5408754
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: File$BuffersFlushTime
                                • String ID:
                                • API String ID: 1392018926-0
                                • Opcode ID: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                • Instruction ID: 9ab49e86672db79a2ba828c2c947d3741ac51ebca2609d45512dbcc1f4f11e5e
                                • Opcode Fuzzy Hash: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                • Instruction Fuzzy Hash: 6C21B5A3E09B42A1EA61AE13DC84BB697D0AF11795FA54471DE4C06295EF3CDD46C220
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: LoadString
                                • String ID:
                                • API String ID: 2948472770-0
                                • Opcode ID: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                • Instruction ID: 73664433f9bae8a533d3e1d935252f1f51762b565a67817740addba5ca0654f5
                                • Opcode Fuzzy Hash: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                • Instruction Fuzzy Hash: 5E118EF0B0865186EA00AF1BAC80829F7A1BF98FC4FE44435CA2D93721DF7CE9418358
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: ErrorFileLastPointer
                                • String ID:
                                • API String ID: 2976181284-0
                                • Opcode ID: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
                                • Instruction ID: 582f122aa6ecec3960c297aabfa5d9ee97a49667d4c66bd89ae9c7cdec201e8f
                                • Opcode Fuzzy Hash: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
                                • Instruction Fuzzy Hash: 79119366A0864291FB60AF26ECC0A69A260FF447A4FA40731DA7D122D5CF3CD982C310
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: ItemRectTextWindow$Clientswprintf
                                • String ID:
                                • API String ID: 3322643685-0
                                • Opcode ID: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                • Instruction ID: 512c13b8aa7d344b89d04723f485bf630ac760f5f0316acf71dd58e51d14034f
                                • Opcode Fuzzy Hash: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                • Instruction Fuzzy Hash: 9A01B9A1A0D24641FF597F53ACD4B79D7519F89744FA40079C91D062DADF2CE884C320
                                APIs
                                • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF704A9EBAD,?,?,?,?,00007FF704A95752,?,?,?,00007FF704A956DE), ref: 00007FF704A9EB5C
                                • GetProcessAffinityMask.KERNEL32 ref: 00007FF704A9EB6F
                                Similarity
                                • API ID: Process$AffinityCurrentMask
                                • String ID:
                                • API String ID: 1231390398-0
                                APIs
                                Similarity
                                • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                • String ID:
                                • API String ID: 1173176844-0
                                APIs
                                Similarity
                                • API ID: ErrorFreeHeapLast
                                • String ID:
                                • API String ID: 485612231-0
                                APIs
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                APIs
                                Similarity
                                • API ID: CompareString_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 1017591355-0
                                APIs
                                  • Part of subcall function 00007FF704A9E948: ReleaseSemaphore.KERNEL32 ref: 00007FF704A9E974
                                  • Part of subcall function 00007FF704A9E948: CloseHandle.KERNELBASE ref: 00007FF704A9E993
                                  • Part of subcall function 00007FF704A9E948: DeleteCriticalSection.KERNEL32 ref: 00007FF704A9E9AA
                                  • Part of subcall function 00007FF704A9E948: CloseHandle.KERNEL32 ref: 00007FF704A9E9B7
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF704AA1ACB
                                Similarity
                                • API ID: CloseHandle$CriticalDeleteReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 904680172-0
                                APIs
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                APIs
                                  • Part of subcall function 00007FF704A93EC8: FindClose.KERNELBASE(?,?,00000000,00007FF704AA0811), ref: 00007FF704A93EFD
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF704A8E993
                                Similarity
                                • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 1011579015-0
                                APIs
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                APIs
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                APIs
                                Similarity
                                • API ID: HandleModule$AddressFreeLibraryProc
                                • String ID:
                                • API String ID: 3947729631-0
                                APIs
                                Similarity
                                • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                • String ID:
                                • API String ID: 680105476-0
                                APIs
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                APIs
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                APIs
                                  • Part of subcall function 00007FF704AB1604: GetModuleHandleW.KERNEL32(?,?,?,00007FF704AB1573,?,?,?,00007FF704AB192A), ref: 00007FF704AB162B
                                • DloadProtectSection.DELAYIMP ref: 00007FF704AB15C9
                                Similarity
                                • API ID: DloadHandleModuleProtectSection
                                • String ID:
                                • API String ID: 2883838935-0
                                APIs
                                  • Part of subcall function 00007FF704A940BC: FindFirstFileW.KERNELBASE ref: 00007FF704A9410B
                                  • Part of subcall function 00007FF704A940BC: FindFirstFileW.KERNELBASE ref: 00007FF704A9415E
                                  • Part of subcall function 00007FF704A940BC: GetLastError.KERNEL32 ref: 00007FF704A941AF
                                • FindClose.KERNELBASE(?,?,00000000,00007FF704AA0811), ref: 00007FF704A93EFD
                                Similarity
                                • API ID: Find$FileFirst$CloseErrorLast
                                • String ID:
                                • API String ID: 1464966427-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: File
                                • String ID:
                                • API String ID: 749574446-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: FileType
                                • String ID:
                                • API String ID: 3081899298-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: CurrentDirectory
                                • String ID:
                                • API String ID: 1611563598-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: AllocHeap
                                • String ID:
                                • API String ID: 4292702814-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: CloseHandle
                                • String ID:
                                • API String ID: 2962429428-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: AllocHeap
                                • String ID:
                                • API String ID: 4292702814-0
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$CloseErrorFileHandleLastwcscpy$ControlCreateCurrentDeleteDeviceDirectoryProcessRemove
                                • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                • API String ID: 2659423929-3508440684
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$ErrorLastLoadString$Concurrency::cancel_current_taskInit_thread_footer
                                • String ID: %ls$%s: %s
                                • API String ID: 2539828978-2259941744
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: _invalid_parameter_noinfomemcpy_s
                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                • API String ID: 1759834784-2761157908
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
                                • String ID: rtmp
                                • API String ID: 3587137053-870060881
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 1693479884-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                • String ID:
                                • API String ID: 3140674995-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                • String ID:
                                • API String ID: 1239891234-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                APIs
                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF704ABFAC4
                                  • Part of subcall function 00007FF704AB7934: GetCurrentProcess.KERNEL32(00007FF704AC0CCD), ref: 00007FF704AB7961
                                Similarity
                                • API ID: CurrentProcess_invalid_parameter_noinfo
                                • String ID: *?$.
                                • API String ID: 2518042432-3972193922
                                Similarity
                                • API ID: memcpy_s
                                • String ID:
                                • API String ID: 1502251526-0
                                Similarity
                                • API ID: ErrorFormatFreeLastLocalMessage
                                • String ID:
                                • API String ID: 1365068426-0
                                Similarity
                                • API ID:
                                • String ID: .
                                • API String ID: 0-248832578
                                Similarity
                                • API ID: ExceptionRaise_clrfp
                                • String ID:
                                • API String ID: 15204871-0
                                Similarity
                                • API ID: ObjectRelease$CapsDevice
                                • String ID:
                                • API String ID: 1061551593-0
                                Similarity
                                • API ID: FormatInfoLocaleNumber
                                • String ID:
                                • API String ID: 2169056816-0
                                APIs
                                  • Part of subcall function 00007FF704A924C0: CreateFileW.KERNELBASE ref: 00007FF704A9259B
                                  • Part of subcall function 00007FF704A924C0: GetLastError.KERNEL32 ref: 00007FF704A925AE
                                  • Part of subcall function 00007FF704A924C0: CreateFileW.KERNEL32 ref: 00007FF704A9260E
                                  • Part of subcall function 00007FF704A924C0: GetLastError.KERNEL32 ref: 00007FF704A92617
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF704A915D0
                                  • Part of subcall function 00007FF704A93980: MoveFileW.KERNEL32 ref: 00007FF704A939BD
                                  • Part of subcall function 00007FF704A93980: MoveFileW.KERNEL32 ref: 00007FF704A93A34
                                Similarity
                                • API ID: File$CreateErrorLastMove$_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 34527147-0
                                Similarity
                                • API ID: Version
                                • String ID:
                                • API String ID: 1889659487-0
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID: 0
                                • API String ID: 3215553584-4108050209
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID: 0
                                • API String ID: 3215553584-4108050209
                                Similarity
                                • API ID:
                                • String ID: gj
                                • API String ID: 0-4203073231
                                Similarity
                                • API ID:
                                • String ID: @
                                • API String ID: 0-2766056989
                                Similarity
                                • API ID: HeapProcess
                                • String ID:
                                • API String ID: 54951025-0
                                • Opcode ID: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                • Instruction ID: ccee81f6f71bfa12e487aae729ddcd6e4e0595204a84b70771877ac474d1a12e
                                • Opcode Fuzzy Hash: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                • Instruction Fuzzy Hash: C6B092A0E17B02C2EA483F176CD269462A8BF48701FE4A038C10C41320DF3C20AA4720
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                • Associated: 00000000.00000002.2123328572.00007FF704A80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2123415808.00007FF704AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2123477497.00007FF704ADB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2123477497.00007FF704AE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2123597919.00007FF704AEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2123597919.00007FF704AEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff704a80000_123.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 93e830777a8553980f5fe243353a36f6d8d27a5fc8052bc9569f2c684e316ecf
                                • Instruction ID: f17088a7660f814942622a0750445c6b60f0476f57ad59e439dc01170f8530c9
                                • Opcode Fuzzy Hash: 93e830777a8553980f5fe243353a36f6d8d27a5fc8052bc9569f2c684e316ecf
                                • Instruction Fuzzy Hash: 1B8249B3A096C186DB04DF26D884ABCBB61EB55B88F68C136DE4E07385DB3DD855C360
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                • Associated: 00000000.00000002.2123328572.00007FF704A80000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123415808.00007FF704AC8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704ADB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704AE4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEA000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff704a80000_123.jbxd
                                Similarity
                                • API ID: AddressProc
                                • String ID:
                                • API String ID: 190572456-0
                                • Opcode ID: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
                                • Instruction ID: 92965990d145267a70b84f3498fe2d51d2037b1d1677ae78ec28e5bfabbf969e
                                • Opcode Fuzzy Hash: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
                                • Instruction Fuzzy Hash: F09107A2B1858196EB11EF2ADC91AFDA721FF95788F941031EF4E07649EF38E645C310
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                • Associated: 00000000.00000002.2123328572.00007FF704A80000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123415808.00007FF704AC8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704ADB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704AE4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEA000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff704a80000_123.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: :$EFS:$LOGGED_UTILITY_STREAM$:$I30:$INDEX_ALLOCATION$:$TXF_DATA:$LOGGED_UTILITY_STREAM$::$ATTRIBUTE_LIST$::$BITMAP$::$DATA$::$EA$::$EA_INFORMATION$::$FILE_NAME$::$INDEX_ALLOCATION$::$INDEX_ROOT$::$LOGGED_UTILITY_STREAM$::$OBJECT_ID$::$REPARSE_POINT
                                • API String ID: 3668304517-727060406
                                • Opcode ID: fc44dbfd106e66ad26630d810067bee7702886ae7b68d41755c36eb4d41d7e9a
                                • Instruction ID: 574b64205e692f4d73f061762bbf88bb21cd828542144a276edccf8c6a9fd633
                                • Opcode Fuzzy Hash: fc44dbfd106e66ad26630d810067bee7702886ae7b68d41755c36eb4d41d7e9a
                                • Instruction Fuzzy Hash: 0341F8B6A05B0199EB50AF62D8807ED73A5FF48798FA0013ADA5C13B95EF3CD155C390
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                • Associated: 00000000.00000002.2123328572.00007FF704A80000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123415808.00007FF704AC8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704ADB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704AE4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEA000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff704a80000_123.jbxd
                                Similarity
                                • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                • API String ID: 2565136772-3242537097
                                • Opcode ID: 6e1e709f092c3aabc6fb1c9db3d7c09c3ef1a4a7bf2af41e7ac9402dec2f511f
                                • Instruction ID: e3dc5e7cc0bc6cf14ee00ded10c6cf2dd3d08b4d92bde09697829a6fb850a529
                                • Opcode Fuzzy Hash: 6e1e709f092c3aabc6fb1c9db3d7c09c3ef1a4a7bf2af41e7ac9402dec2f511f
                                • Instruction Fuzzy Hash: 1A2110E1E1AA0381FA64BF53ECD9A78A3A0BF54785FE40479C91E027A1DF3CA4458370
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                • Associated: 00000000.00000002.2123328572.00007FF704A80000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123415808.00007FF704AC8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704ADB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704AE4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEA000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff704a80000_123.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskDialog
                                • String ID: GETPASSWORD1$Software\WinRAR SFX
                                • API String ID: 431506467-1315819833
                                • Opcode ID: d20c2f114c9109beee27ce5cf2a2d2fb90c2edf5e9b936924732424cb653f975
                                • Instruction ID: 54d28bcfad4b34b5ab1a9df0bf9442996789585475a0edba3a20c3df4e779ef6
                                • Opcode Fuzzy Hash: d20c2f114c9109beee27ce5cf2a2d2fb90c2edf5e9b936924732424cb653f975
                                • Instruction Fuzzy Hash: 61B1C3E3F1874285FB00AF66D884BBD63A1AF45394FA04235DA1C26AD9DF3CE455C394
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                • Associated: 00000000.00000002.2123328572.00007FF704A80000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123415808.00007FF704AC8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704ADB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704AE4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEA000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff704a80000_123.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$Global$AllocCreateStream
                                • String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
                                • API String ID: 2868844859-1533471033
                                • Opcode ID: 2898a28f977da2e8be164ceb19746454dfb341212ef238b9de87e8b4e4f89fde
                                • Instruction ID: e69da31580b481f76a49bf7cdd1fba5714591ab875e8a6c9324e95552c33ddf6
                                • Opcode Fuzzy Hash: 2898a28f977da2e8be164ceb19746454dfb341212ef238b9de87e8b4e4f89fde
                                • Instruction Fuzzy Hash: C78192A3B18A0295FB10EFA6DC849EDA371AF44784FA04135CE1D176DAEF38D516C3A0
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                • Associated: 00000000.00000002.2123328572.00007FF704A80000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123415808.00007FF704AC8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704ADB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123477497.00007FF704AE4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEA000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2123597919.00007FF704AEE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff704a80000_123.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                • API String ID: 3215553584-2617248754
                                • Opcode ID: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
                                • Instruction ID: 377eb4141bc2ca505ff0dc0579c1ef07c842ea761dfb21102ec4dea0f5fa4b9c
                                • Opcode Fuzzy Hash: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
                                • Instruction Fuzzy Hash: 8E41ACB2A09B4589EB50DF26E881BE973A4EF18394FA14136EE4C03B55DF3CD065C394
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: Window$MessageObjectSend$ClassDeleteLongName
                                • String ID: STATIC
                                • API String ID: 2845197485-1882779555
                                • Opcode ID: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
                                • Instruction ID: 6455185e90ee6b716a838479acc71d8d265f2a79251607e5aacff6aacde1d132
                                • Opcode Fuzzy Hash: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
                                • Instruction Fuzzy Hash: 4F319462B0864246FA64FF13AD94BBAA391BF88BC4FA04030DD5D07B56DF3CD41587A0
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: ItemTextWindow
                                • String ID: LICENSEDLG
                                • API String ID: 2478532303-2177901306
                                • Opcode ID: 35fefc179f922e98870b8a3b257cf5e504c5ed53f195972dc606f5139ed8380b
                                • Instruction ID: 3a325aa76b59ecdcf23861f32ef7187ddc77298db73db6c0eb2e405cfb184cc1
                                • Opcode Fuzzy Hash: 35fefc179f922e98870b8a3b257cf5e504c5ed53f195972dc606f5139ed8380b
                                • Instruction Fuzzy Hash: FC4192A6A0865282FB54AF13ECD4F79A3A0AF84F84FA44035DA1E03B94CF3DE555C364
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: AddressProc$CurrentDirectoryProcessSystem
                                • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                • API String ID: 2915667086-2207617598
                                • Opcode ID: d2e93635ec338890dfe438c4789fcaf7e26687fbfe6c7ce53d5981307f2d6baa
                                • Instruction ID: 5e7ddcba1e4b83f57c3be86ddfee50616c0f65009faf3dd694615737781a829b
                                • Opcode Fuzzy Hash: d2e93635ec338890dfe438c4789fcaf7e26687fbfe6c7ce53d5981307f2d6baa
                                • Instruction Fuzzy Hash: C23138E4A0AA0681EA54AF17BCD0979A3A0BF54B94FE40135D91E037A4DF7CF9418334
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: $
                                • API String ID: 3668304517-227171996
                                • Opcode ID: f2fdc83a9f6be17559bdfed1ab1fa604e61a382ff22291328a8e9483648cafea
                                • Instruction ID: 40a8e2f16d028664239b88de0abc59b6964d8bf5e341e67e788267661010885e
                                • Opcode Fuzzy Hash: f2fdc83a9f6be17559bdfed1ab1fa604e61a382ff22291328a8e9483648cafea
                                • Instruction Fuzzy Hash: BEF1D1A3F1574640EE00BF66D8C49BDA361AF44B98FA05639CA1D177D5EF7CE0A483A0
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                • String ID: csm$csm$csm
                                • API String ID: 2940173790-393685449
                                • Opcode ID: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
                                • Instruction ID: a03ca42f3ac0a9f6075a88bd9bc00979ae9e17c97515906835838ac5d8bd1a7b
                                • Opcode Fuzzy Hash: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
                                • Instruction Fuzzy Hash: 14E1BEB2D087829AE711AF66D8C0BADB7A0FF45748FA40135DA8D47697CF38E481C790
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: AllocClearStringVariant
                                • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                • API String ID: 1959693985-3505469590
                                • Opcode ID: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
                                • Instruction ID: 7769da5d38adac6a027e2199b872f8d238213ba8494ba7c1a6ca9f2175b715c8
                                • Opcode Fuzzy Hash: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
                                • Instruction Fuzzy Hash: 317140B6A14A1595EB20EF26DCC09ADB7B0FF88B98BA41136DA4E43B64CF3CD544C350
                                APIs
                                • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF704AB74F3,?,?,?,00007FF704AB525E,?,?,?,00007FF704AB5219), ref: 00007FF704AB7371
                                • GetLastError.KERNEL32(?,?,00000000,00007FF704AB74F3,?,?,?,00007FF704AB525E,?,?,?,00007FF704AB5219), ref: 00007FF704AB737F
                                • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF704AB74F3,?,?,?,00007FF704AB525E,?,?,?,00007FF704AB5219), ref: 00007FF704AB73A9
                                • FreeLibrary.KERNEL32(?,?,00000000,00007FF704AB74F3,?,?,?,00007FF704AB525E,?,?,?,00007FF704AB5219), ref: 00007FF704AB73EF
                                • GetProcAddress.KERNEL32(?,?,00000000,00007FF704AB74F3,?,?,?,00007FF704AB525E,?,?,?,00007FF704AB5219), ref: 00007FF704AB73FB
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: Library$Load$AddressErrorFreeLastProc
                                • String ID: api-ms-
                                • API String ID: 2559590344-2084034818
                                • Opcode ID: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
                                • Instruction ID: 073888d33d11d5a3bc64f9e26f38b58ea44a843ee2c611b42112c39d54681735
                                • Opcode Fuzzy Hash: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
                                • Instruction Fuzzy Hash: CB31E4A5A1AB4281EE61BF07AC80DB5A294FF84BA0FB94535DD1D0B781DF7CE0448370
                                APIs
                                • GetModuleHandleW.KERNEL32(?,?,?,00007FF704AB1573,?,?,?,00007FF704AB192A), ref: 00007FF704AB162B
                                • GetProcAddress.KERNEL32(?,?,?,00007FF704AB1573,?,?,?,00007FF704AB192A), ref: 00007FF704AB1648
                                • GetProcAddress.KERNEL32(?,?,?,00007FF704AB1573,?,?,?,00007FF704AB192A), ref: 00007FF704AB1664
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: AddressProc$HandleModule
                                • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                • API String ID: 667068680-1718035505
                                • Opcode ID: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                • Instruction ID: 3c28c53efe54a8b636e8376909fa1518f00222b4a81a491c99282cda54657f64
                                • Opcode Fuzzy Hash: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                • Instruction Fuzzy Hash: D211FAA0A1AB4281FEA5BF07BDE0A7492A5AF087D4FF85439C81D06355EF3CA8448670
                                APIs
                                  • Part of subcall function 00007FF704A951A4: GetVersionExW.KERNEL32 ref: 00007FF704A951D5
                                • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF704A85AB4), ref: 00007FF704A9ED8C
                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF704A85AB4), ref: 00007FF704A9ED98
                                • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF704A85AB4), ref: 00007FF704A9EDA8
                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF704A85AB4), ref: 00007FF704A9EDB6
                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF704A85AB4), ref: 00007FF704A9EDC4
                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF704A85AB4), ref: 00007FF704A9EE05
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: Time$File$System$Local$SpecificVersion
                                • String ID:
                                • API String ID: 2092733347-0
                                • Opcode ID: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                • Instruction ID: 666e4f9f9b01b1d49fff7cbd3f19e6153743e7932d550e2473bbcfeeb7ad850b
                                • Opcode Fuzzy Hash: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                • Instruction Fuzzy Hash: 60518CB2B106518AEB14DFA9D8845ACB7B1FB48B88BA0403ADE1D57B58DF38E945C710
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: Time$File$System$Local$SpecificVersion
                                • String ID:
                                • API String ID: 2092733347-0
                                • Opcode ID: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                • Instruction ID: 344d7c543afe4b4b5c12eb9469c714946d0860ae7ae45ea06a4568de54b2b909
                                • Opcode Fuzzy Hash: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                • Instruction Fuzzy Hash: 6F3138A2B10A518EEB10DFB5D8805AC7770FF08759BA4503AEE1E97A58EF38D895C310
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: .rar$exe$rar$sfx
                                • API String ID: 3668304517-630704357
                                • Opcode ID: f9f2bcf0cb8583d59a24b9b75f9a5c37ac97f6480bd350e44fae3008da72eca6
                                • Instruction ID: 088c53af6f91bc03314aeeeebfaaedc02b487d39ceb9235ae8b742bd222d212c
                                • Opcode Fuzzy Hash: f9f2bcf0cb8583d59a24b9b75f9a5c37ac97f6480bd350e44fae3008da72eca6
                                • Instruction Fuzzy Hash: 86A1A2AAA1460680EA00BF26DCD5ABCA361FF54B98FA41235DD1D077D6DF3CE941C3A0
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: abort$CallEncodePointerTranslator
                                • String ID: MOC$RCC
                                • API String ID: 2889003569-2084237596
                                • Opcode ID: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                • Instruction ID: 090b57eb77fd0109a3841d17726b0deeeeada52ea95003ddf6cc76c4fb1d1549
                                • Opcode Fuzzy Hash: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                • Instruction Fuzzy Hash: 9191C1B3E08B819AE710DF66E8806ADBBA0FB04788F644139EE4D07756DF38D195CB50
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                • String ID: csm$f
                                • API String ID: 2395640692-629598281
                                • Opcode ID: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
                                • Instruction ID: bfc54c6f346cd827cf39d3bfddd95e2b46c698fbd2457de446245928ca5ba170
                                • Opcode Fuzzy Hash: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
                                • Instruction Fuzzy Hash: E451B471E1A602AAEB54EF16FC84E29B755FF40B8CFA08034D91A47749DF79E841C790
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2123376648.00007FF704A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704A80000, based on PE: true
                                Similarity
                                • API ID: ErrorLast_invalid_parameter_noinfo_noreturn$CloseCurrentHandleProcess
                                • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                • API String ID: 2102711378-639343689
                                Similarity
                                • API ID: Window$Show$Rect
                                • String ID: RarHtmlClassName
                                • API String ID: 2396740005-1658105358
                                Similarity
                                • API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
                                • String ID: sfxcmd$sfxpar
                                • API String ID: 3540648995-3493335439
                                Similarity
                                • API ID:
                                • String ID: RENAMEDLG$REPLACEFILEDLG
                                • API String ID: 0-56093855
                                Similarity
                                • API ID: AddressFreeHandleLibraryModuleProc
                                • String ID: CorExitProcess$mscoree.dll
                                • API String ID: 4061214504-1276376045
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                Similarity
                                • API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 2398171386-0
                                Similarity
                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                • String ID:
                                • API String ID: 3659116390-0
                                Similarity
                                • API ID: ByteCharMultiWide$AllocString
                                • String ID:
                                • API String ID: 262959230-0
                                Similarity
                                • API ID: AddressProc
                                • String ID:
                                • API String ID: 190572456-0
                                Similarity
                                • API ID: _set_statfp
                                • String ID:
                                • API String ID: 1156100317-0
                                Similarity
                                • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                • String ID:
                                • API String ID: 3621893840-0
                                Similarity
                                • API ID: __except_validate_context_recordabort
                                • String ID: csm$csm
                                • API String ID: 746414643-3733052814
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID: $*
                                • API String ID: 3215553584-3982473090
                                Similarity
                                • API ID: ByteCharMultiWide$StringType
                                • String ID: $%s
                                • API String ID: 3586891840-3791308623
                                Similarity
                                • API ID: CreateFrameInfo__except_validate_context_recordabort
                                • String ID: csm
                                • API String ID: 2466640111-1018135373
                                Similarity
                                • API ID: ByteCharErrorFileLastMultiWideWrite
                                • String ID: U
                                • API String ID: 2456169464-4171548499
                                • Opcode ID: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                • Instruction ID: a41be01b087a41160b1fb117b0e8a352696287257ae8524bc5d659b8308bf8d2
                                • Opcode Fuzzy Hash: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                • Instruction Fuzzy Hash: B741F662718A8182EB60EF26E8947B9B7A0FF88794FA04131EE4D87784DF3CD441C764
                                APIs
                                Strings
                                Similarity
                                • API ID: ObjectRelease
                                • String ID:
                                • API String ID: 1429681911-3916222277
                                • Opcode ID: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
                                • Instruction ID: 2ab566fde9d273155289a8116ec8a5271160af46def497490ed6a35934ee699e
                                • Opcode Fuzzy Hash: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
                                • Instruction Fuzzy Hash: 4731387560874286EA04EF13BC58A2BB7A0FB88FD5FA04435ED5A43B58CF3CE0498B14
                                APIs
                                • InitializeCriticalSection.KERNEL32(?,?,?,00007FF704AA317F,?,?,00001000,00007FF704A8E51D), ref: 00007FF704A9E8BB
                                • CreateSemaphoreW.KERNEL32(?,?,?,00007FF704AA317F,?,?,00001000,00007FF704A8E51D), ref: 00007FF704A9E8CB
                                • CreateEventW.KERNEL32(?,?,?,00007FF704AA317F,?,?,00001000,00007FF704A8E51D), ref: 00007FF704A9E8E4
                                Strings
                                Similarity
                                • API ID: Create$CriticalEventInitializeSectionSemaphore
                                • String ID: Thread pool initialization failed.
                                • API String ID: 3340455307-2182114853
                                • Opcode ID: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
                                • Instruction ID: e29823250155962fed20db3bd3b3c9a6d073b7e01d2853abb11fdad22198ff19
                                • Opcode Fuzzy Hash: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
                                • Instruction Fuzzy Hash: 462108B2E1560186F750AF26DC84BAA72D1FF84B0CF688038CA0C0A285CF7E9845C7A4
                                APIs
                                Strings
                                Similarity
                                • API ID: CapsDeviceRelease
                                • String ID:
                                • API String ID: 127614599-3916222277
                                • Opcode ID: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
                                • Instruction ID: d1b566b98b80a29ccd9dcb6e35f2c2d07bc992a7145a280ebf5d1707ef584c3c
                                • Opcode Fuzzy Hash: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
                                • Instruction Fuzzy Hash: 5CE08C60B0864182FF086FB7B9C982BA261AB4CBD0F658035DA2A4BB99DE3CC4844314
                                APIs
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$FileTime
                                • String ID:
                                • API String ID: 1137671866-0
                                • Opcode ID: 64aef18ff04eab08c409baf29ab39efa604b42b32c66aa702a45212cf192b6b0
                                • Instruction ID: f8c299709924b21cf8f7c9285a3a3ef89cc140b1bba7f4757e9828cbf57ad146
                                • Opcode Fuzzy Hash: 64aef18ff04eab08c409baf29ab39efa604b42b32c66aa702a45212cf192b6b0
                                • Instruction Fuzzy Hash: FCA1B5B2A1868291EA10EF66DC80AEDA371FF85784FE05536EA5D07AD9DF3CE544C310
                                APIs
                                Similarity
                                • API ID: ErrorLast
                                • String ID:
                                • API String ID: 1452528299-0
                                • Opcode ID: 24e2b0a7584a146235c26f2adfc6d280b44448a91f14294483c7ec998d7fea82
                                • Instruction ID: 08a856690ebf2738685e02373ad9f817edd331591c1e690d3f400b18881bc684
                                • Opcode Fuzzy Hash: 24e2b0a7584a146235c26f2adfc6d280b44448a91f14294483c7ec998d7fea82
                                • Instruction Fuzzy Hash: 605193B2B14A4295FB00BF66DC846EC6321EF85B98FA04136DA1C57BD6EF2CD545C360
                                APIs
                                Similarity
                                • API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
                                • String ID:
                                • API String ID: 1077098981-0
                                • Opcode ID: 91dec681af915968dd102d853b3eeeabd4842e789cbe2ad92d88e952f467e522
                                • Instruction ID: 3fb3adc4f752e7bde8d0732f33936e1aae8707e22437c5ed1f18a86c221a8e8b
                                • Opcode Fuzzy Hash: 91dec681af915968dd102d853b3eeeabd4842e789cbe2ad92d88e952f467e522
                                • Instruction Fuzzy Hash: B55162B2618B4286FB50AF22E884B6EB364FF94B84FA01035EA4D57A58DF3CD514CB50
                                APIs
                                Similarity
                                • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                • String ID:
                                • API String ID: 4141327611-0
                                • Opcode ID: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                • Instruction ID: 3b2caaf9e9cf3012415f75a8634d4b2bacbf251830abd7f2a5d56dbaeddd9939
                                • Opcode Fuzzy Hash: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                • Instruction Fuzzy Hash: E341B6B1A0C64246FB62BF2298C0779E290EF91B90FB44135DA4D47AD7DF7CD84187A0
                                APIs
                                Similarity
                                • API ID: FileMove_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3823481717-0
                                • Opcode ID: 1e191b709e62ef26e60e8f1d0cc24d6cdbe4e9a67f5d62f6318cd10f240089dc
                                • Instruction ID: 70e374a3389f5ebffea56bdbb1a2fca0fc9ead2ff00e0d3c02ebab17d1a22fbe
                                • Opcode Fuzzy Hash: 1e191b709e62ef26e60e8f1d0cc24d6cdbe4e9a67f5d62f6318cd10f240089dc
                                • Instruction Fuzzy Hash: FB41ADA2F14B5184FF00EFA6DC845AC6371BF48BA8BA05235DE5D26A99DF78D841C350
                                APIs
                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF704ABC45B), ref: 00007FF704AC0B91
                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF704ABC45B), ref: 00007FF704AC0BF3
                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF704ABC45B), ref: 00007FF704AC0C2D
                                • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF704ABC45B), ref: 00007FF704AC0C57
                                Similarity
                                • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                • String ID:
                                • API String ID: 1557788787-0
                                • Opcode ID: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
                                • Instruction ID: 911cb26e17fdd91ffd71a42721f91cde5201b5a878b96d1f24759163e5b04882
                                • Opcode Fuzzy Hash: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
                                • Instruction Fuzzy Hash: 0F218061B1DB5181E6B4AF536880429E6A4FF94BD0BA84134DE9E63BA4DF3CE4528710
                                APIs
                                Similarity
                                • API ID: ErrorLast$abort
                                • String ID:
                                • API String ID: 1447195878-0
                                • Opcode ID: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
                                • Instruction ID: 39d4288e858f06498f9585892ae6d60f2ef667c9a50980820fdf8acc4e939b24
                                • Opcode Fuzzy Hash: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
                                • Instruction Fuzzy Hash: 7C018C90B0964242FA587F63AED5D3891A16F44790FB80538E92E47BD7EF2CB8044270
                                APIs
                                Similarity
                                • API ID: CapsDevice$Release
                                • String ID:
                                • API String ID: 1035833867-0
                                • Opcode ID: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
                                • Instruction ID: 4d59f8753d97b2bce2f11039e4f6b95d073c7356039045225db16291e9d3b99c
                                • Opcode Fuzzy Hash: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
                                • Instruction Fuzzy Hash: 8FE0E5A4E0560242FF087F736CD993691509F48B45FA44439C82E46764DF3C90558624
                                APIs
                                Strings
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: DXGIDebug.dll
                                • API String ID: 3668304517-540382549
                                • Opcode ID: fc0cef6792cd47313c4d8163d3b1aee0c93f55466201bdcbbf2781f388ab2540
                                • Instruction ID: 6aff8dc982c3c5f5308707c36b5ff775fd50e184f860007b5274d0819c1a1505
                                • Opcode Fuzzy Hash: fc0cef6792cd47313c4d8163d3b1aee0c93f55466201bdcbbf2781f388ab2540
                                • Instruction Fuzzy Hash: ED71CFB2A14B8182EB14DF26E8847ADB3A4FF54794F904236DBAC07B95DF78D461C300
                                APIs
                                Strings
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID: e+000$gfff
                                • API String ID: 3215553584-3030954782
                                • Opcode ID: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
                                • Instruction ID: 9d23a18c70272884cf283837fdfdb5af59dde0806529accb2be15dde1e6796c3
                                • Opcode Fuzzy Hash: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
                                • Instruction Fuzzy Hash: 58512EA2B187C146E7259F369C817AEAB91EF41B90F589231C69C47BD7CF2CD444C750
                                APIs
                                Strings
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$swprintf
                                • String ID: SIZE
                                • API String ID: 449872665-3243624926
                                • Opcode ID: e0bc738575b9dfc7518a9e38475377609f14f4f1dbbb3954c7928ccc9b577437
                                • Instruction ID: f627d6aef16598206fde0cf202c3a26f12250ed544589a92dfd5f6a8dde678dd
                                • Opcode Fuzzy Hash: e0bc738575b9dfc7518a9e38475377609f14f4f1dbbb3954c7928ccc9b577437
                                • Instruction Fuzzy Hash: 8041E4E2A1864291EE50AF16DC81BBFA314EF89790FA04235EA9D067D6EF3CD544C710
                                APIs
                                Strings
                                Similarity
                                • API ID: FileModuleName_invalid_parameter_noinfo
                                • String ID: C:\Users\user\Desktop\123.sfx.exe
                                • API String ID: 3307058713-643797325
                                • Opcode ID: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                • Instruction ID: 4a767daf38213837cccc08f0d1541382bdaa73b7e7ce762f88730d04302a7e86
                                • Opcode Fuzzy Hash: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                • Instruction Fuzzy Hash: 984163F6A08B5286EB14BF27AC808B9F794EF44794BE44036E95D47B46DF3DE44183A0
                                APIs
                                Strings
                                Similarity
                                • API ID: ItemText$DialogWindow
                                • String ID: ASKNEXTVOL
                                • API String ID: 445417207-3402441367
                                • Opcode ID: df6f41e9741c0f8996d893104ea931d078e3acc76589f579c23b9fdb6368dbb8
                                • Instruction ID: 3624eedc8e61d4e25549cec66275a632d3aba5e9fcc40a34bc7053085134e11e
                                • Opcode Fuzzy Hash: df6f41e9741c0f8996d893104ea931d078e3acc76589f579c23b9fdb6368dbb8
                                • Instruction Fuzzy Hash: B84194E2A08A4245FA10BF13DCD0ABAA395AF85BC4FB44436DE4D07795DF3DE45187A0
                                APIs
                                Strings
                                Similarity
                                • API ID: ByteCharMultiWide_snwprintf
                                • String ID: $%s$@%s
                                • API String ID: 2650857296-834177443
                                • Opcode ID: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                • Instruction ID: a7e3047e64f85a4181285fc08670c4bd20b9aeab3d53494afb0edf938272387a
                                • Opcode Fuzzy Hash: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                • Instruction Fuzzy Hash: E831E4F2B19A4695EA50AF67DC80AEAA3A4FF44784FA01036DE0D07795EF3CE905C750
                                APIs
                                Strings
                                Similarity
                                • API ID: FileHandleType
                                • String ID: @
                                • API String ID: 3000768030-2766056989
                                • Opcode ID: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                • Instruction ID: 94de1f2ad3a58703fbc759931321cf5aff289428f0e829d3b26e328c3038b616
                                • Opcode Fuzzy Hash: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                • Instruction Fuzzy Hash: 9B21E5A2A0868240EB60AF269CD057AA650EF55774F788339D66F077E5CF3CD881C3A0
                                APIs
                                • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF704AB1D3E), ref: 00007FF704AB40BC
                                • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF704AB1D3E), ref: 00007FF704AB4102
                                Strings
                                Similarity
                                • API ID: ExceptionFileHeaderRaise
                                • String ID: csm
                                • API String ID: 2573137834-1018135373
                                • Opcode ID: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                • Instruction ID: 938b0b878056dc9ad7706090b7c0c427653a2dcfa38379f8f318888e8d52f50e
                                • Opcode Fuzzy Hash: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                • Instruction Fuzzy Hash: 5C115B72608B4182EB609F16E880669B7A0FB88B84F684234DE8D0775ADF3DC561C740
                                APIs
                                • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF704A9E95F,?,?,?,00007FF704A9463A,?,?,?), ref: 00007FF704A9EA63
                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF704A9E95F,?,?,?,00007FF704A9463A,?,?,?), ref: 00007FF704A9EA6E
                                Strings
                                Similarity
                                • API ID: ErrorLastObjectSingleWait
                                • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                • API String ID: 1211598281-2248577382
                                • Opcode ID: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                • Instruction ID: 556030fdddf61c0bfa91a798dd90b2100c7b22c30820689bd9e3f6fc0390f806
                                • Opcode Fuzzy Hash: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                • Instruction Fuzzy Hash: C9E0E5A1E1981281F660BF239CC6869A250BF65765FF00330D13E416E19F2CA94A8220
                                APIs
                                Strings
                                Similarity
                                • API ID: FindHandleModuleResource
                                • String ID: RTL
                                • API String ID: 3537982541-834975271
                                • Opcode ID: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                • Instruction ID: 08f9ce29f3b45911242ae74438b3820994e0f1276a619e929e3da3bcbe3fe5db
                                • Opcode Fuzzy Hash: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                • Instruction Fuzzy Hash: 2FD017D1F0A64282FF696F62AC89B7562906F18B42FA84039C84E06390EF2D9488C760

                                Execution Graph

                                Execution Coverage:12.7%
                                Dynamic/Decrypted Code Coverage:0%
                                Signature Coverage:12.9%
                                Total number of Nodes:1337
                                Total number of Limit Nodes:16
3 API calls 3833->3841 3837 4044f6 22 API calls 3834->3837 3835->3838 3839 404b1b CoTaskMemFree 3835->3839 3840 404ba9 3836->3840 3842 404a82 3837->3842 3838->3875 3879 405bbb GetDlgItemTextW 3838->3879 3843 405e46 3 API calls 3839->3843 3880 406577 lstrcpynW 3840->3880 3841->3825 3878 40452b SendMessageW 3842->3878 3845 404b28 3843->3845 3848 404b5f SetDlgItemTextW 3845->3848 3852 4065b4 21 API calls 3845->3852 3847 404a88 3850 40696b 5 API calls 3847->3850 3848->3838 3849 404bc0 3851 40696b 5 API calls 3849->3851 3850->3821 3858 404bc7 3851->3858 3854 404b47 lstrcmpiW 3852->3854 3853 404c08 3881 406577 lstrcpynW 3853->3881 3854->3848 3855 404b58 lstrcatW 3854->3855 3855->3848 3857 404c0f 3859 405ef1 4 API calls 3857->3859 3858->3853 3863 405e92 2 API calls 3858->3863 3864 404c60 3858->3864 3860 404c15 GetDiskFreeSpaceW 3859->3860 3862 404c39 MulDiv 3860->3862 3860->3864 3862->3864 3863->3858 3865 404cd1 3864->3865 3867 404e6c 24 API calls 3864->3867 3866 404cf4 3865->3866 3868 40140b 2 API calls 3865->3868 3882 404518 EnableWindow 3866->3882 3869 404cbe 3867->3869 3868->3866 3871 404cd3 SetDlgItemTextW 3869->3871 3872 404cc3 3869->3872 3871->3865 3874 404da3 24 API calls 3872->3874 3873 404d10 3873->3875 3883 404940 3873->3883 3874->3865 3875->3827 3877->3822 3878->3847 3879->3831 3880->3849 3881->3857 3882->3873 3884 404953 SendMessageW 3883->3884 3885 40494e 3883->3885 3884->3875 3885->3884 3886 401c68 3887 402da9 21 API calls 3886->3887 3888 401c6f 3887->3888 3889 402da9 21 API calls 3888->3889 3890 401c7c 3889->3890 3891 401c91 3890->3891 3892 402dcb 21 API calls 3890->3892 3893 401ca1 3891->3893 3894 402dcb 21 API calls 3891->3894 3892->3891 3895 401cf8 3893->3895 3896 401cac 3893->3896 3894->3893 3897 402dcb 21 API calls 3895->3897 3898 402da9 21 API calls 3896->3898 3899 401cfd 3897->3899 3900 401cb1 3898->3900 3901 402dcb 21 API calls 3899->3901 3902 402da9 21 API calls 3900->3902 3903 401d06 FindWindowExW 3901->3903 3904 401cbd 3902->3904 3907 401d28 
3903->3907 3905 401ce8 SendMessageW 3904->3905 3906 401cca SendMessageTimeoutW 3904->3906 3905->3907 3906->3907 3908 4028e9 3909 4028ef 3908->3909 3910 4028f7 FindClose 3909->3910 3911 402c4f 3909->3911 3910->3911 3507 403b6f 3508 403b87 3507->3508 3509 403b79 CloseHandle 3507->3509 3514 403bb4 3508->3514 3509->3508 3512 405c83 71 API calls 3513 403b98 3512->3513 3515 403bc2 3514->3515 3516 403bc7 FreeLibrary GlobalFree 3515->3516 3517 403b8c 3515->3517 3516->3516 3516->3517 3517->3512 3912 405570 3913 405580 3912->3913 3914 405594 3912->3914 3915 405586 3913->3915 3916 4055dd 3913->3916 3917 40559c IsWindowVisible 3914->3917 3923 4055b3 3914->3923 3918 404542 SendMessageW 3915->3918 3920 4055e2 CallWindowProcW 3916->3920 3917->3916 3919 4055a9 3917->3919 3921 405590 3918->3921 3922 404eb1 5 API calls 3919->3922 3920->3921 3922->3923 3923->3920 3924 404f31 4 API calls 3923->3924 3924->3916 3925 4016f1 3926 402dcb 21 API calls 3925->3926 3927 4016f7 GetFullPathNameW 3926->3927 3928 401711 3927->3928 3934 401733 3927->3934 3930 4068d4 2 API calls 3928->3930 3928->3934 3929 401748 GetShortPathNameW 3931 402c4f 3929->3931 3932 401723 3930->3932 3932->3934 3935 406577 lstrcpynW 3932->3935 3934->3929 3934->3931 3935->3934 3936 401e73 GetDC 3937 402da9 21 API calls 3936->3937 3938 401e85 GetDeviceCaps MulDiv ReleaseDC 3937->3938 3939 402da9 21 API calls 3938->3939 3940 401eb6 3939->3940 3941 4065b4 21 API calls 3940->3941 3942 401ef3 CreateFontIndirectW 3941->3942 3943 40265d 3942->3943 3944 402975 3945 402dcb 21 API calls 3944->3945 3946 402981 3945->3946 3947 402997 3946->3947 3948 402dcb 21 API calls 3946->3948 3949 406042 2 API calls 3947->3949 3948->3947 3950 40299d 3949->3950 3972 406067 GetFileAttributesW CreateFileW 3950->3972 3952 4029aa 3953 402a60 3952->3953 3954 4029c5 GlobalAlloc 3952->3954 3955 402a48 3952->3955 3956 402a67 DeleteFileW 3953->3956 3957 402a7a 3953->3957 3954->3955 3958 4029de 3954->3958 3959 4032d9 35 API calls 3955->3959 3956->3957 3973 
40350a SetFilePointer 3958->3973 3961 402a55 CloseHandle 3959->3961 3961->3953 3962 4029e4 3963 4034f4 ReadFile 3962->3963 3964 4029ed GlobalAlloc 3963->3964 3965 402a31 3964->3965 3966 4029fd 3964->3966 3968 406119 WriteFile 3965->3968 3967 4032d9 35 API calls 3966->3967 3971 402a0a 3967->3971 3969 402a3d GlobalFree 3968->3969 3969->3955 3970 402a28 GlobalFree 3970->3965 3971->3970 3972->3952 3973->3962 3974 4014f5 SetForegroundWindow 3975 402c4f 3974->3975 3976 403ff7 3977 404170 3976->3977 3978 40400f 3976->3978 3979 404181 GetDlgItem GetDlgItem 3977->3979 3980 4041c1 3977->3980 3978->3977 3981 40401b 3978->3981 3982 4044f6 22 API calls 3979->3982 3983 40421b 3980->3983 3995 401389 2 API calls 3980->3995 3984 404026 SetWindowPos 3981->3984 3985 404039 3981->3985 3986 4041ab SetClassLongW 3982->3986 3987 404542 SendMessageW 3983->3987 4005 40416b 3983->4005 3984->3985 3988 404042 ShowWindow 3985->3988 3989 404084 3985->3989 3992 40140b 2 API calls 3986->3992 4017 40422d 3987->4017 3990 404062 GetWindowLongW 3988->3990 3991 40412e 3988->3991 3993 4040a3 3989->3993 3994 40408c DestroyWindow 3989->3994 3990->3991 3996 40407b ShowWindow 3990->3996 4000 40455d 8 API calls 3991->4000 3992->3980 3997 4040a8 SetWindowLongW 3993->3997 3998 4040b9 3993->3998 4046 40447f 3994->4046 3999 4041f3 3995->3999 3996->3989 3997->4005 3998->3991 4003 4040c5 GetDlgItem 3998->4003 3999->3983 4004 4041f7 SendMessageW 3999->4004 4000->4005 4001 40140b 2 API calls 4001->4017 4002 404481 DestroyWindow EndDialog 4002->4046 4007 4040f3 4003->4007 4008 4040d6 SendMessageW IsWindowEnabled 4003->4008 4004->4005 4006 4044b0 ShowWindow 4006->4005 4010 404100 4007->4010 4013 404147 SendMessageW 4007->4013 4014 404113 4007->4014 4020 4040f8 4007->4020 4008->4005 4008->4007 4009 4065b4 21 API calls 4009->4017 4010->4013 4010->4020 4012 4044f6 22 API calls 4012->4017 4013->3991 4015 404130 4014->4015 4016 40411b 4014->4016 4019 40140b 2 API calls 4015->4019 4018 40140b 2 API calls 4016->4018 
4017->4001 4017->4002 4017->4005 4017->4009 4017->4012 4021 4044f6 22 API calls 4017->4021 4037 4043c1 DestroyWindow 4017->4037 4018->4020 4019->4020 4020->3991 4047 4044cf 4020->4047 4022 4042a8 GetDlgItem 4021->4022 4023 4042c5 ShowWindow EnableWindow 4022->4023 4024 4042bd 4022->4024 4050 404518 EnableWindow 4023->4050 4024->4023 4026 4042ef EnableWindow 4031 404303 4026->4031 4027 404308 GetSystemMenu EnableMenuItem SendMessageW 4028 404338 SendMessageW 4027->4028 4027->4031 4028->4031 4030 403fd8 22 API calls 4030->4031 4031->4027 4031->4030 4051 40452b SendMessageW 4031->4051 4052 406577 lstrcpynW 4031->4052 4033 404367 lstrlenW 4034 4065b4 21 API calls 4033->4034 4035 40437d SetWindowTextW 4034->4035 4036 401389 2 API calls 4035->4036 4036->4017 4038 4043db CreateDialogParamW 4037->4038 4037->4046 4039 40440e 4038->4039 4038->4046 4040 4044f6 22 API calls 4039->4040 4041 404419 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4040->4041 4042 401389 2 API calls 4041->4042 4043 40445f 4042->4043 4043->4005 4044 404467 ShowWindow 4043->4044 4045 404542 SendMessageW 4044->4045 4045->4046 4046->4005 4046->4006 4048 4044d6 4047->4048 4049 4044dc SendMessageW 4047->4049 4048->4049 4049->3991 4050->4026 4051->4031 4052->4033 4053 40197b 4054 402dcb 21 API calls 4053->4054 4055 401982 lstrlenW 4054->4055 4056 40265d 4055->4056 4057 4020fd 4058 4021c1 4057->4058 4059 40210f 4057->4059 4061 401423 28 API calls 4058->4061 4060 402dcb 21 API calls 4059->4060 4062 402116 4060->4062 4068 40231b 4061->4068 4063 402dcb 21 API calls 4062->4063 4064 40211f 4063->4064 4065 402135 LoadLibraryExW 4064->4065 4066 402127 GetModuleHandleW 4064->4066 4065->4058 4067 402146 4065->4067 4066->4065 4066->4067 4077 4069da 4067->4077 4071 402190 4073 4055fc 28 API calls 4071->4073 4072 402157 4074 401423 28 API calls 4072->4074 4075 402167 4072->4075 4073->4075 4074->4075 4075->4068 4076 4021b3 FreeLibrary 4075->4076 4076->4068 4082 406599 WideCharToMultiByte 4077->4082 4079 4069f7 
4080 402151 4079->4080 4081 4069fe GetProcAddress 4079->4081 4080->4071 4080->4072 4081->4080 4082->4079 4083 402b7e 4084 402bd0 4083->4084 4085 402b85 4083->4085 4086 40696b 5 API calls 4084->4086 4087 402bce 4085->4087 4089 402da9 21 API calls 4085->4089 4088 402bd7 4086->4088 4090 402dcb 21 API calls 4088->4090 4091 402b93 4089->4091 4092 402be0 4090->4092 4093 402da9 21 API calls 4091->4093 4092->4087 4094 402be4 IIDFromString 4092->4094 4096 402b9f 4093->4096 4094->4087 4095 402bf3 4094->4095 4095->4087 4101 406577 lstrcpynW 4095->4101 4100 4064be wsprintfW 4096->4100 4098 402c10 CoTaskMemFree 4098->4087 4100->4087 4101->4098 4102 401000 4103 401037 BeginPaint GetClientRect 4102->4103 4105 40100c DefWindowProcW 4102->4105 4106 4010f3 4103->4106 4107 401179 4105->4107 4108 401073 CreateBrushIndirect FillRect DeleteObject 4106->4108 4109 4010fc 4106->4109 4108->4106 4110 401102 CreateFontIndirectW 4109->4110 4111 401167 EndPaint 4109->4111 4110->4111 4112 401112 6 API calls 4110->4112 4111->4107 4112->4111 4113 401781 4114 402dcb 21 API calls 4113->4114 4115 401788 4114->4115 4116 406096 2 API calls 4115->4116 4117 40178f 4116->4117 4117->4117 4118 401d82 4119 402da9 21 API calls 4118->4119 4120 401d93 SetWindowLongW 4119->4120 4121 402c4f 4120->4121 4122 401503 4123 40152e 4122->4123 4124 401508 4122->4124 4125 402da9 21 API calls 4124->4125 4125->4123 4126 402903 4127 40290b 4126->4127 4128 40290f FindNextFileW 4127->4128 4131 402921 4127->4131 4129 402968 4128->4129 4128->4131 4132 406577 lstrcpynW 4129->4132 4132->4131 4133 403c07 4134 403c12 4133->4134 4135 403c16 4134->4135 4136 403c19 GlobalAlloc 4134->4136 4136->4135 4137 401588 4138 402bc9 4137->4138 4141 4064be wsprintfW 4138->4141 4140 402bce 4141->4140 3503 401389 3505 401390 3503->3505 3504 4013fe 3505->3504 3506 4013cb MulDiv SendMessageW 3505->3506 3506->3505 4142 40198d 4143 402da9 21 API calls 4142->4143 4144 401994 4143->4144 4145 402da9 21 API calls 4144->4145 4146 4019a1 4145->4146 4147 
402dcb 21 API calls 4146->4147 4148 4019b8 lstrlenW 4147->4148 4149 4019c9 4148->4149 4150 401a0a 4149->4150 4154 406577 lstrcpynW 4149->4154 4152 4019fa 4152->4150 4153 4019ff lstrlenW 4152->4153 4153->4150 4154->4152 4155 40168f 4156 402dcb 21 API calls 4155->4156 4157 401695 4156->4157 4158 4068d4 2 API calls 4157->4158 4159 40169b 4158->4159 4160 402b10 4161 402da9 21 API calls 4160->4161 4162 402b16 4161->4162 4163 4065b4 21 API calls 4162->4163 4164 402953 4162->4164 4163->4164 4165 402711 4166 402da9 21 API calls 4165->4166 4167 402720 4166->4167 4168 40276a ReadFile 4167->4168 4169 4060ea ReadFile 4167->4169 4170 4027aa MultiByteToWideChar 4167->4170 4171 40285f 4167->4171 4172 406148 5 API calls 4167->4172 4174 4027d0 SetFilePointer MultiByteToWideChar 4167->4174 4175 402870 4167->4175 4177 40285d 4167->4177 4168->4167 4168->4177 4169->4167 4170->4167 4178 4064be wsprintfW 4171->4178 4172->4167 4174->4167 4176 402891 SetFilePointer 4175->4176 4175->4177 4176->4177 4178->4177 4179 401491 4180 4055fc 28 API calls 4179->4180 4181 401498 4180->4181 3410 401794 3449 402dcb 3410->3449 3412 40179b 3413 4017c3 3412->3413 3414 4017bb 3412->3414 3457 406577 lstrcpynW 3413->3457 3456 406577 lstrcpynW 3414->3456 3417 4017c1 3420 406825 5 API calls 3417->3420 3418 4017ce 3419 405e46 3 API calls 3418->3419 3421 4017d4 lstrcatW 3419->3421 3438 4017e0 3420->3438 3421->3417 3422 4017e6 3423 4068d4 2 API calls 3422->3423 3426 4017f2 CompareFileTime 3422->3426 3422->3438 3423->3422 3424 406042 2 API calls 3424->3438 3426->3422 3427 4018b2 3428 4055fc 28 API calls 3427->3428 3430 4018bc 3428->3430 3429 401889 3431 4055fc 28 API calls 3429->3431 3440 40189e 3429->3440 3433 4032d9 35 API calls 3430->3433 3431->3440 3432 406577 lstrcpynW 3432->3438 3434 4018cf 3433->3434 3435 4018e3 SetFileTime 3434->3435 3437 4018f5 CloseHandle 3434->3437 3435->3437 3436 4065b4 21 API calls 3436->3438 3439 401906 3437->3439 3437->3440 3438->3422 3438->3424 3438->3427 3438->3429 3438->3432 
3438->3436 3445 405bd7 MessageBoxIndirectW 3438->3445 3455 406067 GetFileAttributesW CreateFileW 3438->3455 3441 40190b 3439->3441 3442 40191e 3439->3442 3443 4065b4 21 API calls 3441->3443 3444 4065b4 21 API calls 3442->3444 3446 401913 lstrcatW 3443->3446 3447 401926 3444->3447 3445->3438 3446->3447 3448 405bd7 MessageBoxIndirectW 3447->3448 3448->3440 3450 402dd7 3449->3450 3451 4065b4 21 API calls 3450->3451 3452 402df8 3451->3452 3453 402e04 3452->3453 3454 406825 5 API calls 3452->3454 3453->3412 3454->3453 3455->3438 3456->3417 3457->3418 4182 401a97 4183 402da9 21 API calls 4182->4183 4184 401aa0 4183->4184 4185 402da9 21 API calls 4184->4185 4186 401a45 4185->4186 4187 401598 4188 4015b1 4187->4188 4189 4015a8 ShowWindow 4187->4189 4190 402c4f 4188->4190 4191 4015bf ShowWindow 4188->4191 4189->4188 4191->4190 4192 402419 4193 402dcb 21 API calls 4192->4193 4194 402428 4193->4194 4195 402dcb 21 API calls 4194->4195 4196 402431 4195->4196 4197 402dcb 21 API calls 4196->4197 4198 40243b GetPrivateProfileStringW 4197->4198 4199 40201b 4200 402dcb 21 API calls 4199->4200 4201 402022 4200->4201 4202 4068d4 2 API calls 4201->4202 4203 402028 4202->4203 4205 402039 4203->4205 4206 4064be wsprintfW 4203->4206 4206->4205 4207 401b9c 4208 402dcb 21 API calls 4207->4208 4209 401ba3 4208->4209 4210 402da9 21 API calls 4209->4210 4211 401bac wsprintfW 4210->4211 4212 402c4f 4211->4212 4213 40149e 4214 4023c2 4213->4214 4215 4014ac PostQuitMessage 4213->4215 4215->4214 4216 4049a0 4217 4049b0 4216->4217 4218 4049d6 4216->4218 4219 4044f6 22 API calls 4217->4219 4220 40455d 8 API calls 4218->4220 4221 4049bd SetDlgItemTextW 4219->4221 4222 4049e2 4220->4222 4221->4218 4223 4016a0 4224 402dcb 21 API calls 4223->4224 4225 4016a7 4224->4225 4226 402dcb 21 API calls 4225->4226 4227 4016b0 4226->4227 4228 402dcb 21 API calls 4227->4228 4229 4016b9 MoveFileW 4228->4229 4230 4016c5 4229->4230 4231 4016cc 4229->4231 4233 401423 28 API calls 4230->4233 4232 4068d4 2 API calls 
4231->4232 4235 40231b 4231->4235 4234 4016db 4232->4234 4233->4235 4234->4235 4236 406337 40 API calls 4234->4236 4236->4230 4237 401a24 4238 402dcb 21 API calls 4237->4238 4239 401a2b 4238->4239 4240 402dcb 21 API calls 4239->4240 4241 401a34 4240->4241 4242 401a3b lstrcmpiW 4241->4242 4243 401a4d lstrcmpW 4241->4243 4244 401a41 4242->4244 4243->4244 4245 402324 4246 402dcb 21 API calls 4245->4246 4247 40232a 4246->4247 4248 402dcb 21 API calls 4247->4248 4249 402333 4248->4249 4250 402dcb 21 API calls 4249->4250 4251 40233c 4250->4251 4252 4068d4 2 API calls 4251->4252 4253 402345 4252->4253 4254 402356 lstrlenW lstrlenW 4253->4254 4258 402349 4253->4258 4255 4055fc 28 API calls 4254->4255 4257 402394 SHFileOperationW 4255->4257 4256 4055fc 28 API calls 4259 402351 4256->4259 4257->4258 4257->4259 4258->4256 4258->4259 4260 401da6 4261 401db9 GetDlgItem 4260->4261 4262 401dac 4260->4262 4264 401db3 4261->4264 4263 402da9 21 API calls 4262->4263 4263->4264 4265 401dfa GetClientRect LoadImageW SendMessageW 4264->4265 4267 402dcb 21 API calls 4264->4267 4268 401e58 4265->4268 4270 401e64 4265->4270 4267->4265 4269 401e5d DeleteObject 4268->4269 4268->4270 4269->4270 4271 4023a8 4272 4023af 4271->4272 4273 4023c2 4271->4273 4274 4065b4 21 API calls 4272->4274 4275 4023bc 4274->4275 4276 405bd7 MessageBoxIndirectW 4275->4276 4276->4273 4277 402c2a SendMessageW 4278 402c44 InvalidateRect 4277->4278 4279 402c4f 4277->4279 4278->4279 4280 40462c lstrcpynW lstrlenW 4281 4024af 4282 402dcb 21 API calls 4281->4282 4283 4024c1 4282->4283 4284 402dcb 21 API calls 4283->4284 4285 4024cb 4284->4285 4298 402e5b 4285->4298 4288 402503 4291 402da9 21 API calls 4288->4291 4293 40250f 4288->4293 4289 402953 4290 402dcb 21 API calls 4294 4024f9 lstrlenW 4290->4294 4291->4293 4292 40252e RegSetValueExW 4296 402544 RegCloseKey 4292->4296 4293->4292 4295 4032d9 35 API calls 4293->4295 4294->4288 4295->4292 4296->4289 4299 402e76 4298->4299 4302 406412 4299->4302 4303 406421 4302->4303 
4304 4024db 4303->4304 4305 40642c RegCreateKeyExW 4303->4305 4304->4288 4304->4289 4304->4290 4305->4304 4306 402930 4307 402dcb 21 API calls 4306->4307 4308 402937 FindFirstFileW 4307->4308 4309 40295f 4308->4309 4313 40294a 4308->4313 4310 402968 4309->4310 4314 4064be wsprintfW 4309->4314 4315 406577 lstrcpynW 4310->4315 4314->4310 4315->4313 4316 401931 4317 401968 4316->4317 4318 402dcb 21 API calls 4317->4318 4319 40196d 4318->4319 4320 405c83 71 API calls 4319->4320 4321 401976 4320->4321 4322 401934 4323 402dcb 21 API calls 4322->4323 4324 40193b 4323->4324 4325 405bd7 MessageBoxIndirectW 4324->4325 4326 401944 4325->4326 4327 4046b5 4328 4046cd 4327->4328 4331 4047e7 4327->4331 4332 4044f6 22 API calls 4328->4332 4329 404851 4330 40485b GetDlgItem 4329->4330 4333 40491b 4329->4333 4334 404875 4330->4334 4335 4048dc 4330->4335 4331->4329 4331->4333 4336 404822 GetDlgItem SendMessageW 4331->4336 4337 404734 4332->4337 4338 40455d 8 API calls 4333->4338 4334->4335 4339 40489b SendMessageW LoadCursorW SetCursor 4334->4339 4335->4333 4340 4048ee 4335->4340 4360 404518 EnableWindow 4336->4360 4342 4044f6 22 API calls 4337->4342 4343 404916 4338->4343 4361 404964 4339->4361 4345 404904 4340->4345 4346 4048f4 SendMessageW 4340->4346 4348 404741 CheckDlgButton 4342->4348 4345->4343 4350 40490a SendMessageW 4345->4350 4346->4345 4347 40484c 4351 404940 SendMessageW 4347->4351 4358 404518 EnableWindow 4348->4358 4350->4343 4351->4329 4353 40475f GetDlgItem 4359 40452b SendMessageW 4353->4359 4355 404775 SendMessageW 4356 404792 GetSysColor 4355->4356 4357 40479b SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4355->4357 4356->4357 4357->4343 4358->4353 4359->4355 4360->4347 4364 405b9d ShellExecuteExW 4361->4364 4363 4048ca LoadCursorW SetCursor 4363->4335 4364->4363 4365 4028b6 4366 4028bd 4365->4366 4368 402bce 4365->4368 4367 402da9 21 API calls 4366->4367 4369 4028c4 4367->4369 4370 4028d3 SetFilePointer 4369->4370 4370->4368 4371 4028e3 4370->4371 
4373 4064be wsprintfW 4371->4373 4373->4368 4374 401f37 4375 402dcb 21 API calls 4374->4375 4376 401f3d 4375->4376 4377 402dcb 21 API calls 4376->4377 4378 401f46 4377->4378 4379 402dcb 21 API calls 4378->4379 4380 401f4f 4379->4380 4381 402dcb 21 API calls 4380->4381 4382 401f58 4381->4382 4383 401423 28 API calls 4382->4383 4384 401f5f 4383->4384 4391 405b9d ShellExecuteExW 4384->4391 4386 401fa7 4387 406a16 5 API calls 4386->4387 4388 402953 4386->4388 4389 401fc4 CloseHandle 4387->4389 4389->4388 4391->4386 4392 402fb8 4393 402fca SetTimer 4392->4393 4395 402fe3 4392->4395 4393->4395 4394 403038 4395->4394 4396 402ffd MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4395->4396 4396->4394 4397 4014b8 4398 4014be 4397->4398 4399 401389 2 API calls 4398->4399 4400 4014c6 4399->4400 4401 40573b 4402 4058e5 4401->4402 4403 40575c GetDlgItem GetDlgItem GetDlgItem 4401->4403 4404 405916 4402->4404 4405 4058ee GetDlgItem CreateThread CloseHandle 4402->4405 4446 40452b SendMessageW 4403->4446 4407 405941 4404->4407 4409 405966 4404->4409 4410 40592d ShowWindow ShowWindow 4404->4410 4405->4404 4411 4059a1 4407->4411 4414 405955 4407->4414 4415 40597b ShowWindow 4407->4415 4408 4057cc 4412 4057d3 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4408->4412 4416 40455d 8 API calls 4409->4416 4448 40452b SendMessageW 4410->4448 4411->4409 4419 4059af SendMessageW 4411->4419 4417 405841 4412->4417 4418 405825 SendMessageW SendMessageW 4412->4418 4420 4044cf SendMessageW 4414->4420 4422 40599b 4415->4422 4423 40598d 4415->4423 4421 405974 4416->4421 4425 405854 4417->4425 4426 405846 SendMessageW 4417->4426 4418->4417 4419->4421 4427 4059c8 CreatePopupMenu 4419->4427 4420->4409 4424 4044cf SendMessageW 4422->4424 4428 4055fc 28 API calls 4423->4428 4424->4411 4430 4044f6 22 API calls 4425->4430 4426->4425 4429 4065b4 21 API calls 4427->4429 4428->4422 4431 4059d8 AppendMenuW 4429->4431 4432 405864 4430->4432 4433 4059f5 GetWindowRect 4431->4433 4434 405a08 
TrackPopupMenu 4431->4434 4435 4058a1 GetDlgItem SendMessageW 4432->4435 4436 40586d ShowWindow 4432->4436 4433->4434 4434->4421 4437 405a23 4434->4437 4435->4421 4440 4058c8 SendMessageW SendMessageW 4435->4440 4438 405890 4436->4438 4439 405883 ShowWindow 4436->4439 4441 405a3f SendMessageW 4437->4441 4447 40452b SendMessageW 4438->4447 4439->4438 4440->4421 4441->4441 4442 405a5c OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4441->4442 4444 405a81 SendMessageW 4442->4444 4444->4444 4445 405aaa GlobalUnlock SetClipboardData CloseClipboard 4444->4445 4445->4421 4446->4408 4447->4435 4448->4407 4449 401d3c 4450 402da9 21 API calls 4449->4450 4451 401d42 IsWindow 4450->4451 4452 401a45 4451->4452 4453 404d3d 4454 404d69 4453->4454 4455 404d4d 4453->4455 4457 404d9c 4454->4457 4458 404d6f SHGetPathFromIDListW 4454->4458 4464 405bbb GetDlgItemTextW 4455->4464 4460 404d7f 4458->4460 4463 404d86 SendMessageW 4458->4463 4459 404d5a SendMessageW 4459->4454 4461 40140b 2 API calls 4460->4461 4461->4463 4463->4457 4464->4459

                                Control-flow Graph

                                [Control-flow graph of the function at 00403552 (legend: Executed / Not Executed); graph not reproduced. The API calls it reaches are listed under "APIs".]
                                APIs
                                • SetErrorMode.KERNELBASE ref: 00403575
                                • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 004035A0
                                • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 004035B3
                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 0040364C
                                • #17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403689
                                • OleInitialize.OLE32(00000000), ref: 00403690
                                • SHGetFileInfoW.SHELL32(0042AA28,00000000,?,000002B4,00000000), ref: 004036AF
                                • GetCommandLineW.KERNEL32(00433700,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004036C4
                                • CharNextW.USER32(00000000,0043F000,00000020,0043F000,00000000,?,00000008,0000000A,0000000C), ref: 004036FD
                                • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403835
                                • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403846
                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403852
                                • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403866
                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040386E
                                • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040387F
                                • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403887
                                • DeleteFileW.KERNELBASE(1033,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040389B
                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0043F000,00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403974
                                  • Part of subcall function 00406577: lstrcpynW.KERNEL32(?,?,00000400,004036C4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406584
                                • wsprintfW.USER32 ref: 004039D1
                                • GetFileAttributesW.KERNEL32(00437800,C:\Users\user\AppData\Local\Temp\), ref: 00403A04
                                • DeleteFileW.KERNEL32(00437800), ref: 00403A10
                                • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403A3E
                                  • Part of subcall function 00406337: MoveFileExW.KERNEL32(?,?,00000005,00405E35,?,00000000,000000F1,?,?,?,?,?), ref: 00406341
                                • CopyFileW.KERNEL32(00442800,00437800,00000001,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403A54
                                  • Part of subcall function 00405B5A: CreateProcessW.KERNELBASE(00000000,00437800,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?,00437800,?), ref: 00405B83
                                  • Part of subcall function 00405B5A: CloseHandle.KERNEL32(?,?,?,00437800,?), ref: 00405B90
                                  • Part of subcall function 004068D4: FindFirstFileW.KERNEL32(75923420,0042FAB8,0042F270,00405F97,0042F270,0042F270,00000000,0042F270,0042F270,75923420,?,C:\Users\user\AppData\Local\Temp\,00405CA3,?,75923420,C:\Users\user\AppData\Local\Temp\), ref: 004068DF
                                  • Part of subcall function 004068D4: FindClose.KERNEL32(00000000), ref: 004068EB
                                • ExitProcess.KERNEL32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A9D
                                • CoUninitialize.COMBASE(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403AA2
                                • ExitProcess.KERNEL32 ref: 00403ABF
                                • CloseHandle.KERNEL32(00000000,00438000,00438000,?,00437800,00000000), ref: 00403AC6
                                • GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403AE2
                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403AE9
                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AFE
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403B21
                                • ExitWindowsEx.USER32(00000002,80040002), ref: 00403B46
                                • ExitProcess.KERNEL32 ref: 00403B69
                                  • Part of subcall function 00405B25: CreateDirectoryW.KERNELBASE(?,00000000,00403545,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 00405B2B
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000004.00000002.2198950495.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199073927.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000416000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000431000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000440000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199399363.0000000000451000.00000002.00000001.01000000.00000009.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: File$Process$Exit$CloseDirectory$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
                                • String ID: 1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\RDBNT$C:\users\public$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
                                • API String ID: 2017177436-1870024364
                                • Opcode ID: 04707b10a4b3afb6a18ca337361403f50cb556bbdd5965bfbe7ebc29a3518fa6
                                • Instruction ID: 854c728f01c0035939758d15b123b9002cb8995d15bf2fdbd915a0a46deb4321
                                • Opcode Fuzzy Hash: 04707b10a4b3afb6a18ca337361403f50cb556bbdd5965bfbe7ebc29a3518fa6
                                • Instruction Fuzzy Hash: 6DF1F470604301ABD320AF659D05B6B7EE8EB8570AF10483FF581B22D1DB7DDA458B6E

                                Control-flow Graph

                                control_flow_graph 149 403c49-403c61 call 40696b 152 403c63-403c73 call 4064be 149->152 153 403c75-403cac call 406445 149->153 161 403ccf-403cf8 call 403f1f call 405f4e 152->161 157 403cc4-403cca lstrcatW 153->157 158 403cae-403cbf call 406445 153->158 157->161 158->157 167 403d8a-403d92 call 405f4e 161->167 168 403cfe-403d03 161->168 173 403da0-403dc5 LoadImageW 167->173 174 403d94-403d9b call 4065b4 167->174 168->167 169 403d09-403d31 call 406445 168->169 169->167 179 403d33-403d37 169->179 177 403e46-403e4e call 40140b 173->177 178 403dc7-403df7 RegisterClassW 173->178 174->173 192 403e50-403e53 177->192 193 403e58-403e63 call 403f1f 177->193 182 403f15 178->182 183 403dfd-403e41 SystemParametersInfoW CreateWindowExW 178->183 180 403d49-403d55 lstrlenW 179->180 181 403d39-403d46 call 405e73 179->181 187 403d57-403d65 lstrcmpiW 180->187 188 403d7d-403d85 call 405e46 call 406577 180->188 181->180 186 403f17-403f1e 182->186 183->177 187->188 191 403d67-403d71 GetFileAttributesW 187->191 188->167 195 403d73-403d75 191->195 196 403d77-403d78 call 405e92 191->196 192->186 202 403e69-403e83 ShowWindow call 4068fb 193->202 203 403eec-403ef4 call 4056cf 193->203 195->188 195->196 196->188 210 403e85-403e8a call 4068fb 202->210 211 403e8f-403ea1 GetClassInfoW 202->211 208 403ef6-403efc 203->208 209 403f0e-403f10 call 40140b 203->209 208->192 216 403f02-403f09 call 40140b 208->216 209->182 210->211 214 403ea3-403eb3 GetClassInfoW RegisterClassW 211->214 215 403eb9-403eea DialogBoxParamW call 40140b call 403b99 211->215 214->215 215->186 216->192
                                APIs
                                  • Part of subcall function 0040696B: GetModuleHandleA.KERNEL32(?,00000020,?,00403662,0000000C,?,?,?,?,?,?,?,?), ref: 0040697D
                                  • Part of subcall function 0040696B: GetProcAddress.KERNEL32(00000000,?), ref: 00406998
                                • lstrcatW.KERNEL32(1033,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,75923420,C:\Users\user\AppData\Local\Temp\,00000000,0043F000,00008001), ref: 00403CCA
                                • lstrlenW.KERNEL32("C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l,?,?,?,"C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l,00000000,0043F800,1033,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,75923420), ref: 00403D4A
                                • lstrcmpiW.KERNEL32(?,.exe,"C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l,?,?,?,"C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l,00000000,0043F800,1033,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000), ref: 00403D5D
                                • GetFileAttributesW.KERNEL32("C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l), ref: 00403D68
                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,0043F800), ref: 00403DB1
                                  • Part of subcall function 004064BE: wsprintfW.USER32 ref: 004064CB
                                • RegisterClassW.USER32(004336A0), ref: 00403DEE
                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403E06
                                • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403E3B
                                • ShowWindow.USER32(00000005,00000000), ref: 00403E71
                                • GetClassInfoW.USER32(00000000,RichEdit20W,004336A0), ref: 00403E9D
                                • GetClassInfoW.USER32(00000000,RichEdit,004336A0), ref: 00403EAA
                                • RegisterClassW.USER32(004336A0), ref: 00403EB3
                                • DialogBoxParamW.USER32(?,00000000,00403FF7,00000000), ref: 00403ED2
                                Similarity
                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                • String ID: "C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                • API String ID: 1975747703-311948475
                                • Opcode ID: a4b6b062c3cda51b96eb3e1e848ea22fea792b1bb39582dd55e536ebb93ad2e9
                                • Instruction ID: c722afd28cb3ad108a11d8546cd61d6ece1c23d3a169ae69e987cf65e7f86a01
                                • Opcode Fuzzy Hash: a4b6b062c3cda51b96eb3e1e848ea22fea792b1bb39582dd55e536ebb93ad2e9
                                • Instruction Fuzzy Hash: 7961C370500700BED620AF66AD46F2B3A6CEB85B5AF40053FF945B22E2DB7C5941CA6D

                                Control-flow Graph

                                control_flow_graph 223 4030a2-4030f0 GetTickCount GetModuleFileNameW call 406067 226 4030f2-4030f7 223->226 227 4030fc-40312a call 406577 call 405e92 call 406577 GetFileSize 223->227 228 4032d2-4032d6 226->228 235 403130 227->235 236 403215-403223 call 40303e 227->236 237 403135-40314c 235->237 242 403225-403228 236->242 243 403278-40327d 236->243 239 403150-403159 call 4034f4 237->239 240 40314e 237->240 249 40327f-403287 call 40303e 239->249 250 40315f-403166 239->250 240->239 245 40322a-403242 call 40350a call 4034f4 242->245 246 40324c-403276 GlobalAlloc call 40350a call 4032d9 242->246 243->228 245->243 269 403244-40324a 245->269 246->243 274 403289-40329a 246->274 249->243 253 4031e2-4031e6 250->253 254 403168-40317c call 406022 250->254 258 4031f0-4031f6 253->258 259 4031e8-4031ef call 40303e 253->259 254->258 272 40317e-403185 254->272 265 403205-40320d 258->265 266 4031f8-403202 call 406a58 258->266 259->258 265->237 273 403213 265->273 266->265 269->243 269->246 272->258 278 403187-40318e 272->278 273->236 275 4032a2-4032a7 274->275 276 40329c 274->276 279 4032a8-4032ae 275->279 276->275 278->258 280 403190-403197 278->280 279->279 281 4032b0-4032cb SetFilePointer call 406022 279->281 280->258 282 403199-4031a0 280->282 285 4032d0 281->285 282->258 284 4031a2-4031c2 282->284 284->243 286 4031c8-4031cc 284->286 285->228 287 4031d4-4031dc 286->287 288 4031ce-4031d2 286->288 287->258 289 4031de-4031e0 287->289 288->273 288->287 289->258
                                APIs
                                • GetTickCount.KERNEL32 ref: 004030B3
                                • GetModuleFileNameW.KERNEL32(00000000,00442800,00000400), ref: 004030CF
                                  • Part of subcall function 00406067: GetFileAttributesW.KERNELBASE(00000003,004030E2,00442800,80000000,00000003), ref: 0040606B
                                  • Part of subcall function 00406067: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040608D
                                • GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,C:\users\public,C:\users\public,00442800,00442800,80000000,00000003), ref: 0040311B
                                • GlobalAlloc.KERNELBASE(00000040,?), ref: 00403251
                                Similarity
                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\users\public$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                • API String ID: 2803837635-1304443319
                                • Opcode ID: 18071a83ec6fb142dc69507f2a99f9a57da6e94b99e66eca773901507235fdac
                                • Instruction ID: 55eb758a8cc994b5b8f5e8324c308f37a69edd03a8198e206d37cac48cd63750
                                • Opcode Fuzzy Hash: 18071a83ec6fb142dc69507f2a99f9a57da6e94b99e66eca773901507235fdac
                                • Instruction Fuzzy Hash: E9519171900204AFDB209FA5DD86B9E7EACEB09356F20417BF504B62D1C7789F408BAD

                                Control-flow Graph

                                control_flow_graph 290 4065b4-4065bd 291 4065d0-4065ea 290->291 292 4065bf-4065ce 290->292 293 4065f0-4065fc 291->293 294 4067fa-406800 291->294 292->291 293->294 295 406602-406609 293->295 296 406806-406813 294->296 297 40660e-40661b 294->297 295->294 299 406815-40681a call 406577 296->299 300 40681f-406822 296->300 297->296 298 406621-40662a 297->298 301 406630-406673 298->301 302 4067e7 298->302 299->300 306 406679-406685 301->306 307 40678b-40678f 301->307 304 4067f5-4067f8 302->304 305 4067e9-4067f3 302->305 304->294 305->294 308 406687 306->308 309 40668f-406691 306->309 310 406791-406798 307->310 311 4067c3-4067c7 307->311 308->309 316 406693-4066b9 call 406445 309->316 317 4066cb-4066ce 309->317 314 4067a8-4067b4 call 406577 310->314 315 40679a-4067a6 call 4064be 310->315 312 4067d7-4067e5 lstrlenW 311->312 313 4067c9-4067d2 call 4065b4 311->313 312->294 313->312 329 4067b9-4067bf 314->329 315->329 332 406773-406776 316->332 334 4066bf-4066c6 call 4065b4 316->334 318 4066d0-4066dc GetSystemDirectoryW 317->318 319 4066e1-4066e4 317->319 324 40676e-406771 318->324 325 4066f6-4066fa 319->325 326 4066e6-4066f2 GetWindowsDirectoryW 319->326 331 406783-406789 call 406825 324->331 324->332 325->324 333 4066fc-40671a 325->333 326->325 329->312 330 4067c1 329->330 330->331 331->312 332->331 335 406778-40677e lstrcatW 332->335 337 40671c-406722 333->337 338 40672e-406746 call 40696b 333->338 334->324 335->331 343 40672a-40672c 337->343 347 406748-40675b SHGetPathFromIDListW CoTaskMemFree 338->347 348 40675d-406766 338->348 343->338 345 406768-40676c 343->345 345->324 347->345 347->348 348->333 348->345
                                APIs
                                • GetSystemDirectoryW.KERNEL32("C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l,00000400), ref: 004066D6
                                • GetWindowsDirectoryW.KERNEL32("C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l,00000400,00000000,0042BA48,?,?,00000000,00000000,?,759223A0), ref: 004066EC
                                • SHGetPathFromIDListW.SHELL32(00000000,"C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l), ref: 0040674A
                                • CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 00406753
                                • lstrcatW.KERNEL32("C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l,\Microsoft\Internet Explorer\Quick Launch,00000000,0042BA48,?,?,00000000,00000000,?,759223A0), ref: 0040677E
                                • lstrlenW.KERNEL32("C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l,00000000,0042BA48,?,?,00000000,00000000,?,759223A0), ref: 004067D8
                                Similarity
                                • API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
                                • String ID: "C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                • API String ID: 4024019347-1751192266
                                • Opcode ID: 2066e1c471d7490a15c1c198898eb18b068b97d6eda6cad4e7272ae8e9db0920
                                • Instruction ID: fc4c1bf1ff31ba1b34cdfc75387d7881e57296f2874843d1a5ebc397bafcf832
                                • Opcode Fuzzy Hash: 2066e1c471d7490a15c1c198898eb18b068b97d6eda6cad4e7272ae8e9db0920
                                • Instruction Fuzzy Hash: D16135716042009BD720AF24DD80B6B76E8EF85328F12453FF647B32D0DB7D9961865E

                                Control-flow Graph

                                control_flow_graph 349 4032d9-4032f0 350 4032f2 349->350 351 4032f9-403302 349->351 350->351 352 403304 351->352 353 40330b-403310 351->353 352->353 354 403320-40332d call 4034f4 353->354 355 403312-40331b call 40350a 353->355 359 4034e2 354->359 360 403333-403337 354->360 355->354 361 4034e4-4034e5 359->361 362 40348d-40348f 360->362 363 40333d-403386 GetTickCount 360->363 366 4034ed-4034f1 361->366 364 403491-403494 362->364 365 4034cf-4034d2 362->365 367 4034ea 363->367 368 40338c-403394 363->368 364->367 371 403496 364->371 369 4034d4 365->369 370 4034d7-4034e0 call 4034f4 365->370 367->366 372 403396 368->372 373 403399-4033a7 call 4034f4 368->373 369->370 370->359 382 4034e7 370->382 375 403499-40349f 371->375 372->373 373->359 381 4033ad-4033b6 373->381 379 4034a1 375->379 380 4034a3-4034b1 call 4034f4 375->380 379->380 380->359 386 4034b3-4034b8 call 406119 380->386 384 4033bc-4033dc call 406ac6 381->384 382->367 391 4033e2-4033f5 GetTickCount 384->391 392 403485-403487 384->392 390 4034bd-4034bf 386->390 393 4034c1-4034cb 390->393 394 403489-40348b 390->394 395 403440-403442 391->395 396 4033f7-4033ff 391->396 392->361 393->375 397 4034cd 393->397 394->361 400 403444-403448 395->400 401 403479-40347d 395->401 398 403401-403405 396->398 399 403407-40343d MulDiv wsprintfW call 4055fc 396->399 397->367 398->395 398->399 399->395 404 40344a-403458 call 406119 400->404 405 40345f-40346a 400->405 401->368 402 403483 401->402 402->367 404->394 411 40345a-40345d 404->411 406 40346d-403471 405->406 406->384 409 403477 406->409 409->367 411->406
                                Similarity
                                • API ID: CountTick$wsprintf
                                • String ID: *B$ A$ A$... %d%%
                                • API String ID: 551687249-3485722521
                                • Opcode ID: 6d935c58c9c1f66a15f185bc6e4e505f3dabe6c18ce33db7fed369594a7e0453
                                • Instruction ID: 3a086bfa1ae904988031f2e91e2ff9394e13111a018eeb379290de00703e2b75
                                • Opcode Fuzzy Hash: 6d935c58c9c1f66a15f185bc6e4e505f3dabe6c18ce33db7fed369594a7e0453
                                • Instruction Fuzzy Hash: 2F519F71900219DBCB11DF65DA44B9E7FB8AF44766F10413BE810BB2D1C7789A40CBA9

                                Control-flow Graph

                                control_flow_graph 412 401794-4017b9 call 402dcb call 405ebd 417 4017c3-4017d5 call 406577 call 405e46 lstrcatW 412->417 418 4017bb-4017c1 call 406577 412->418 423 4017da-4017db call 406825 417->423 418->423 427 4017e0-4017e4 423->427 428 4017e6-4017f0 call 4068d4 427->428 429 401817-40181a 427->429 436 401802-401814 428->436 437 4017f2-401800 CompareFileTime 428->437 431 401822-40183e call 406067 429->431 432 40181c-40181d call 406042 429->432 439 401840-401843 431->439 440 4018b2-4018db call 4055fc call 4032d9 431->440 432->431 436->429 437->436 442 401894-40189e call 4055fc 439->442 443 401845-401883 call 406577 * 2 call 4065b4 call 406577 call 405bd7 439->443 454 4018e3-4018ef SetFileTime 440->454 455 4018dd-4018e1 440->455 452 4018a7-4018ad 442->452 443->427 475 401889-40188a 443->475 456 402c58 452->456 458 4018f5-401900 CloseHandle 454->458 455->454 455->458 462 402c5a-402c5e 456->462 460 401906-401909 458->460 461 402c4f-402c52 458->461 464 40190b-40191c call 4065b4 lstrcatW 460->464 465 40191e-401921 call 4065b4 460->465 461->456 471 401926-4023c7 call 405bd7 464->471 465->471 471->462 478 402953-40295a 471->478 475->452 477 40188c-40188d 475->477 477->442 478->461
                                APIs
                                • lstrcatW.KERNEL32(00000000,00000000,"C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l,C:\Users\user\AppData\Roaming\RDBNT,?,?,00000031), ref: 004017D5
                                • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l,"C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l,00000000,00000000,"C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l,C:\Users\user\AppData\Roaming\RDBNT,?,?,00000031), ref: 004017FA
                                  • Part of subcall function 00406577: lstrcpynW.KERNEL32(?,?,00000400,004036C4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406584
                                  • Part of subcall function 004055FC: lstrlenW.KERNEL32(0042BA48,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,0040343D,00000000,?), ref: 00405634
                                  • Part of subcall function 004055FC: lstrlenW.KERNEL32(0040343D,0042BA48,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,0040343D,00000000), ref: 00405644
                                  • Part of subcall function 004055FC: lstrcatW.KERNEL32(0042BA48,0040343D,0040343D,0042BA48,00000000,?,759223A0), ref: 00405657
                                  • Part of subcall function 004055FC: SetWindowTextW.USER32(0042BA48,0042BA48), ref: 00405669
                                  • Part of subcall function 004055FC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040568F
                                  • Part of subcall function 004055FC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004056A9
                                  • Part of subcall function 004055FC: SendMessageW.USER32(?,00001013,?,00000000), ref: 004056B7
                                Similarity
                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                • String ID: "C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l$C:\Users\user\AppData\Roaming\RDBNT$C:\Users\user\AppData\Roaming\RDBNT
                                • API String ID: 1941528284-1169163433
                                • Opcode ID: a58ea0222ac98990420b303d55ec3153f41b92666d08849931790dc50ba9057a
                                • Instruction ID: 896c0c78208a39cbb5dd39340d0745d1a2bf2ace5f7797069eceb710e9101d93
                                • Opcode Fuzzy Hash: a58ea0222ac98990420b303d55ec3153f41b92666d08849931790dc50ba9057a
                                • Instruction Fuzzy Hash: 4C41B671900108BACB117BB5DD85DBE7AB9EF45328F21423FF412B10E2D73C8A919A2D

                                Control-flow Graph

                                control_flow_graph 479 4068fb-40691b GetSystemDirectoryW 480 40691d 479->480 481 40691f-406921 479->481 480->481 482 406932-406934 481->482 483 406923-40692c 481->483 485 406935-406968 wsprintfW LoadLibraryExW 482->485 483->482 484 40692e-406930 483->484 484->485
                                APIs
                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406912
                                • wsprintfW.USER32 ref: 0040694D
                                • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406961
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000004.00000002.2198950495.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199073927.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000416000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000431000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000440000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199399363.0000000000451000.00000002.00000001.01000000.00000009.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                • String ID: %s%S.dll$UXTHEME
                                • API String ID: 2200240437-1106614640
                                • Opcode ID: 7a73cbb44207cafadb11ab8eaaa41fd963bfa172cfc882b2dd9c54e233860d96
                                • Instruction ID: 6d7bab0cfc2d48cbbbe6bb2f91b005b1c0391479526b60628745523d5c0137a7
                                • Opcode Fuzzy Hash: 7a73cbb44207cafadb11ab8eaaa41fd963bfa172cfc882b2dd9c54e233860d96
                                • Instruction Fuzzy Hash: 66F02B71501129A7CF10AB68DD0EF9F376CAB00304F10447AA646F10E0EB7CDB69CB98

                                Control-flow Graph

                                control_flow_graph 486 406096-4060a2 487 4060a3-4060d7 GetTickCount GetTempFileNameW 486->487 488 4060e6-4060e8 487->488 489 4060d9-4060db 487->489 491 4060e0-4060e3 488->491 489->487 490 4060dd 489->490 490->491
                                APIs
                                • GetTickCount.KERNEL32 ref: 004060B4
                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403550,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C), ref: 004060CF
                                Strings
                                Similarity
                                • API ID: CountFileNameTempTick
                                • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                • API String ID: 1716503409-44229769
                                • Opcode ID: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
                                • Instruction ID: 0f0e971a11aa9000600537ad3b21051f2e76e4828209a3ca974843c19b3e0847
                                • Opcode Fuzzy Hash: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
                                • Instruction Fuzzy Hash: B5F09076B40204BBEB00CF69ED05F9EB7ACEBA5750F11803AE901F7180E6B099648768

                                Control-flow Graph

                                control_flow_graph 492 4015e6-4015fa call 402dcb call 405ef1 497 401656-401659 492->497 498 4015fc-40160f call 405e73 492->498 500 401688-40231b call 401423 497->500 501 40165b-40167a call 401423 call 406577 SetCurrentDirectoryW 497->501 505 401611-401614 498->505 506 401629-40162c call 405b25 498->506 515 402c4f-402c5e 500->515 501->515 518 401680-401683 501->518 505->506 509 401616-40161d call 405b42 505->509 516 401631-401633 506->516 509->506 522 40161f-401627 call 405acb 509->522 519 401635-40163a 516->519 520 40164c-401654 516->520 518->515 523 401649 519->523 524 40163c-401647 GetFileAttributesW 519->524 520->497 520->498 522->516 523->520 524->520 524->523
                                APIs
                                  • Part of subcall function 00405EF1: CharNextW.USER32(?,?,0042F270,?,00405F65,0042F270,0042F270,75923420,?,C:\Users\user\AppData\Local\Temp\,00405CA3,?,75923420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405EFF
                                  • Part of subcall function 00405EF1: CharNextW.USER32(00000000), ref: 00405F04
                                  • Part of subcall function 00405EF1: CharNextW.USER32(00000000), ref: 00405F1C
                                • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040163F
                                  • Part of subcall function 00405ACB: CreateDirectoryW.KERNEL32(00437800,?), ref: 00405B0D
                                • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\RDBNT,?,00000000,000000F0), ref: 00401672
                                Strings
                                • C:\Users\user\AppData\Roaming\RDBNT, xrefs: 00401665
                                Similarity
                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                • String ID: C:\Users\user\AppData\Roaming\RDBNT
                                • API String ID: 1892508949-2153498286
                                • Opcode ID: 8b23014e874117772ebc9062bae1ca4a158d3493fb016c70d1ca52ef0131588f
                                • Instruction ID: 104414052cab316a424bfe0d2ff1de268c148956b102069c6a2fab9df067ebf3
                                • Opcode Fuzzy Hash: 8b23014e874117772ebc9062bae1ca4a158d3493fb016c70d1ca52ef0131588f
                                • Instruction Fuzzy Hash: 0911BE31804514ABCF206FA5CD01AAE36B0EF14368B25493BE941B22F1C63A4A41DA5D

                                Control-flow Graph

                                control_flow_graph 528 401389-40138e 529 4013fa-4013fc 528->529 530 401390-4013a0 529->530 531 4013fe 529->531 530->531 533 4013a2-4013a3 call 401434 530->533 532 401400-401401 531->532 535 4013a8-4013ad 533->535 536 401404-401409 535->536 537 4013af-4013b7 call 40136d 535->537 536->532 540 4013b9-4013bb 537->540 541 4013bd-4013c2 537->541 542 4013c4-4013c9 540->542 541->542 542->529 543 4013cb-4013f4 MulDiv SendMessageW 542->543 543->529
                                APIs
                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                • SendMessageW.USER32(0040A2D8,00000402,00000000), ref: 004013F4
                                Similarity
                                • API ID: MessageSend
                                • String ID:
                                • API String ID: 3850602802-0
                                • Opcode ID: a48e27458ca857e7bf1c95edfaa4f4fc3f64b4f364872359a8149092e2b898a4
                                • Instruction ID: 0adee223d2b7ba7d815a442a2885e1f2b60e3b86eb1a18037e9b6c54a102055c
                                • Opcode Fuzzy Hash: a48e27458ca857e7bf1c95edfaa4f4fc3f64b4f364872359a8149092e2b898a4
                                • Instruction Fuzzy Hash: 0E01FF31620220AFE7195B389E05B6B3698E710329F10863FF851F62F1EA78DC429B4C

                                Control-flow Graph

                                control_flow_graph 544 405b5a-405b8b CreateProcessW 545 405b99-405b9a 544->545 546 405b8d-405b96 CloseHandle 544->546 546->545
                                APIs
                                • CreateProcessW.KERNELBASE(00000000,00437800,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?,00437800,?), ref: 00405B83
                                • CloseHandle.KERNEL32(?,?,?,00437800,?), ref: 00405B90
                                Similarity
                                • API ID: CloseCreateHandleProcess
                                • String ID:
                                • API String ID: 3712363035-0
                                • Opcode ID: 6fd2602221babf1a8a9a6246b82f99e4ae13039f11edd6951af80fecf8f79ee2
                                • Instruction ID: 1d4bd4e17b1592c090cadeee614c80d4297d43de2f88d62204b9ca700bb873e4
                                • Opcode Fuzzy Hash: 6fd2602221babf1a8a9a6246b82f99e4ae13039f11edd6951af80fecf8f79ee2
                                • Instruction Fuzzy Hash: C9E09AB4600219BFFB109B64AD06F7B767CE704604F408475BD15E6151D774A8158A78

                                Control-flow Graph

                                control_flow_graph 547 40696b-406985 GetModuleHandleA 548 406991-40699e GetProcAddress 547->548 549 406987-406988 call 4068fb 547->549 551 4069a2-4069a4 548->551 552 40698d-40698f 549->552 552->548 553 4069a0 552->553 553->551
                                APIs
                                • GetModuleHandleA.KERNEL32(?,00000020,?,00403662,0000000C,?,?,?,?,?,?,?,?), ref: 0040697D
                                • GetProcAddress.KERNEL32(00000000,?), ref: 00406998
                                  • Part of subcall function 004068FB: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406912
                                  • Part of subcall function 004068FB: wsprintfW.USER32 ref: 0040694D
                                  • Part of subcall function 004068FB: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406961
                                Similarity
                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                • String ID:
                                • API String ID: 2547128583-0
                                • Opcode ID: 38b25401b771ecf209a524bd0999a173af8b0ad39984603ae0a2953bb283c85e
                                • Instruction ID: f16a4ad3e9102b165210d3f50f6adbe363033f5fe81171ed8a06a41b6d2757eb
                                • Opcode Fuzzy Hash: 38b25401b771ecf209a524bd0999a173af8b0ad39984603ae0a2953bb283c85e
                                • Instruction Fuzzy Hash: F1E08673504311AAD6105B759D0492772E89F89750302443EF986F2140DB38EC32A6AE

                                Control-flow Graph

                                control_flow_graph 554 406067-406093 GetFileAttributesW CreateFileW
                                APIs
                                • GetFileAttributesW.KERNELBASE(00000003,004030E2,00442800,80000000,00000003), ref: 0040606B
                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040608D
                                Similarity
                                • API ID: File$AttributesCreate
                                • String ID:
                                • API String ID: 415043291-0
                                • Opcode ID: 6be4d53c09d0ea7202590e2ef391dde9d68f005235e9a58d36352f422cb06a2c
                                • Instruction ID: 9d50a09f5748d4f60ef03139cc16a9656d1073ae209d3065c053d14625e31d4c
                                • Opcode Fuzzy Hash: 6be4d53c09d0ea7202590e2ef391dde9d68f005235e9a58d36352f422cb06a2c
                                • Instruction Fuzzy Hash: 87D09E31654301AFEF098F20DE16F2EBAA2EB84B00F11552CB682941E0DA715819DB15

                                Control-flow Graph

                                control_flow_graph 555 406042-406052 GetFileAttributesW 556 406061-406064 555->556 557 406054-40605b SetFileAttributesW 555->557 557->556
                                APIs
                                • GetFileAttributesW.KERNELBASE(?,?,00405C47,?,?,00000000,00405E1D,?,?,?,?), ref: 00406047
                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 0040605B
                                Similarity
                                • API ID: AttributesFile
                                • String ID:
                                • API String ID: 3188754299-0
                                • Opcode ID: bc30e5c928ed30f9cb3e730bb3a024ff28878b527ec9bdb2640fa07c227b463d
                                • Instruction ID: a0ae240d833e004fe72580c92a9f2193965d94811d262e1a0a63bc04ff00b3bc
                                • Opcode Fuzzy Hash: bc30e5c928ed30f9cb3e730bb3a024ff28878b527ec9bdb2640fa07c227b463d
                                • Instruction Fuzzy Hash: 7ED0C972504220AFC2102728AE0889BBB55DB542717028A35F8A9A22B0CB304CA68694

                                Control-flow Graph

                                control_flow_graph 558 405b25-405b33 CreateDirectoryW 559 405b35-405b37 558->559 560 405b39 GetLastError 558->560 561 405b3f 559->561 560->561
                                APIs
                                • CreateDirectoryW.KERNELBASE(?,00000000,00403545,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 00405B2B
                                • GetLastError.KERNEL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405B39
                                Similarity
                                • API ID: CreateDirectoryErrorLast
                                • String ID:
                                • API String ID: 1375471231-0
                                • Opcode ID: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
                                • Instruction ID: 2532c664264170c07cbc731aa09703a23e3881c092aaf3b019fc47175ec23a7b
                                • Opcode Fuzzy Hash: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
                                • Instruction Fuzzy Hash: 98C04C70604906DAD7505F219F087177960AB50741F158439A6C7F40A0DA74A455D92D
                                APIs
                                • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034BD,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 0040612D
                                Similarity
                                • API ID: FileWrite
                                • String ID:
                                • API String ID: 3934441357-0
                                • Opcode ID: 4494c28c6fc58b77f7b94402ffbb10e79d92760fb9961e7d9dbcb201027e3d13
                                • Instruction ID: 5447fabf40714e60d37a3b8d529c829a5aab84dab7567664cea5a9789522ebfd
                                • Opcode Fuzzy Hash: 4494c28c6fc58b77f7b94402ffbb10e79d92760fb9961e7d9dbcb201027e3d13
                                • Instruction Fuzzy Hash: DFE08C3221021ABBDF109E518C00EEB3B6CEB003A0F014432FD26E7050D630E86097A4
                                APIs
                                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403507,00000000,00000000,0040332B,000000FF,00000004,00000000,00000000,00000000), ref: 004060FE
                                Similarity
                                • API ID: FileRead
                                • String ID:
                                • API String ID: 2738559852-0
                                • Opcode ID: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
                                • Instruction ID: 2902185137110ca2ffdb2282e3c832ce644deeff7f1201e2b4f2572205eed693
                                • Opcode Fuzzy Hash: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
                                • Instruction Fuzzy Hash: D0E08C3221021AABCF109E508C01EEB3BACFF043A0F014432FD12EB042D230E9229BA4
                                APIs
                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403267,?), ref: 00403518
                                Similarity
                                • API ID: FilePointer
                                • String ID:
                                • API String ID: 973152223-0
                                APIs
                                  • Part of subcall function 004055FC: lstrlenW.KERNEL32(0042BA48,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,0040343D,00000000,?), ref: 00405634
                                  • Part of subcall function 004055FC: lstrlenW.KERNEL32(0040343D,0042BA48,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,0040343D,00000000), ref: 00405644
                                  • Part of subcall function 004055FC: lstrcatW.KERNEL32(0042BA48,0040343D,0040343D,0042BA48,00000000,?,759223A0), ref: 00405657
                                  • Part of subcall function 004055FC: SetWindowTextW.USER32(0042BA48,0042BA48), ref: 00405669
                                  • Part of subcall function 004055FC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040568F
                                  • Part of subcall function 004055FC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004056A9
                                  • Part of subcall function 004055FC: SendMessageW.USER32(?,00001013,?,00000000), ref: 004056B7
                                  • Part of subcall function 00405B5A: CreateProcessW.KERNELBASE(00000000,00437800,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?,00437800,?), ref: 00405B83
                                  • Part of subcall function 00405B5A: CloseHandle.KERNEL32(?,?,?,00437800,?), ref: 00405B90
                                • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00402010
                                  • Part of subcall function 00406A16: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406A27
                                  • Part of subcall function 00406A16: GetExitCodeProcess.KERNEL32(?,?), ref: 00406A49
                                  • Part of subcall function 004064BE: wsprintfW.USER32 ref: 004064CB
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000004.00000002.2198950495.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199073927.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000416000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000431000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000440000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199399363.0000000000451000.00000002.00000001.01000000.00000009.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                • String ID:
                                • API String ID: 2972824698-0
                                APIs
                                • CloseHandle.KERNEL32(FFFFFFFF,00403AA2,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403B7A
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000004.00000002.2198950495.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199073927.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000416000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000431000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000440000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199399363.0000000000451000.00000002.00000001.01000000.00000009.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: CloseHandle
                                • String ID:
                                • API String ID: 2962429428-0
                                APIs
                                • GetDlgItem.USER32(?,00000403), ref: 00405799
                                • GetDlgItem.USER32(?,000003EE), ref: 004057A8
                                • GetClientRect.USER32(?,?), ref: 004057E5
                                • GetSystemMetrics.USER32(00000002), ref: 004057EC
                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 0040580D
                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040581E
                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405831
                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040583F
                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405852
                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405874
                                • ShowWindow.USER32(?,00000008), ref: 00405888
                                • GetDlgItem.USER32(?,000003EC), ref: 004058A9
                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004058B9
                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004058D2
                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004058DE
                                • GetDlgItem.USER32(?,000003F8), ref: 004057B7
                                  • Part of subcall function 0040452B: SendMessageW.USER32(00000028,?,00000001,00404356), ref: 00404539
                                • GetDlgItem.USER32(?,000003EC), ref: 004058FB
                                • CreateThread.KERNEL32(00000000,00000000,Function_000056CF,00000000), ref: 00405909
                                • CloseHandle.KERNEL32(00000000), ref: 00405910
                                • ShowWindow.USER32(00000000), ref: 00405934
                                • ShowWindow.USER32(?,00000008), ref: 00405939
                                • ShowWindow.USER32(00000008), ref: 00405983
                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004059B7
                                • CreatePopupMenu.USER32 ref: 004059C8
                                • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004059DC
                                • GetWindowRect.USER32(?,?), ref: 004059FC
                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405A15
                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A4D
                                • OpenClipboard.USER32(00000000), ref: 00405A5D
                                • EmptyClipboard.USER32 ref: 00405A63
                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A6F
                                • GlobalLock.KERNEL32(00000000), ref: 00405A79
                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A8D
                                • GlobalUnlock.KERNEL32(00000000), ref: 00405AAD
                                • SetClipboardData.USER32(0000000D,00000000), ref: 00405AB8
                                • CloseClipboard.USER32 ref: 00405ABE
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000004.00000002.2198950495.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199073927.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000416000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000431000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000440000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199399363.0000000000451000.00000002.00000001.01000000.00000009.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                • String ID: {
                                • API String ID: 590372296-366298937
                                APIs
                                • GetDlgItem.USER32(?,000003FB), ref: 00404A36
                                • SetWindowTextW.USER32(00000000,?), ref: 00404A60
                                • SHBrowseForFolderW.SHELL32(?), ref: 00404B11
                                • CoTaskMemFree.OLE32(00000000), ref: 00404B1C
                                • lstrcmpiW.KERNEL32("C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l,0042CA68,00000000,?,?), ref: 00404B4E
                                • lstrcatW.KERNEL32(?,"C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l), ref: 00404B5A
                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B6C
                                  • Part of subcall function 00405BBB: GetDlgItemTextW.USER32(?,?,00000400,00404BA3), ref: 00405BCE
                                  • Part of subcall function 00406825: CharNextW.USER32(?,*?|<>/":,00000000,0043F000,75923420,C:\Users\user\AppData\Local\Temp\,00000000,0040352D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 00406888
                                  • Part of subcall function 00406825: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406897
                                  • Part of subcall function 00406825: CharNextW.USER32(?,0043F000,75923420,C:\Users\user\AppData\Local\Temp\,00000000,0040352D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 0040689C
                                  • Part of subcall function 00406825: CharPrevW.USER32(?,?,75923420,C:\Users\user\AppData\Local\Temp\,00000000,0040352D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 004068AF
                                • GetDiskFreeSpaceW.KERNEL32(0042AA38,?,?,0000040F,?,0042AA38,0042AA38,?,00000001,0042AA38,?,?,000003FB,?), ref: 00404C2F
                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404C4A
                                  • Part of subcall function 00404DA3: lstrlenW.KERNEL32(0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E44
                                  • Part of subcall function 00404DA3: wsprintfW.USER32 ref: 00404E4D
                                  • Part of subcall function 00404DA3: SetDlgItemTextW.USER32(?,0042CA68), ref: 00404E60
                                Strings
                                • "C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l, xrefs: 00404B48, 00404B4D, 00404B58
                                • A, xrefs: 00404B0A
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000004.00000002.2198950495.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199073927.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000416000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000431000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000440000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199399363.0000000000451000.00000002.00000001.01000000.00000009.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                • String ID: "C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l$A
                                • API String ID: 2624150263-1401299251
                                APIs
                                • DeleteFileW.KERNEL32(?,?,75923420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405CAC
                                • lstrcatW.KERNEL32(0042EA70,\*.*,0042EA70,?,?,75923420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405CF4
                                • lstrcatW.KERNEL32(?,0040A014,?,0042EA70,?,?,75923420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405D17
                                • lstrlenW.KERNEL32(?,?,0040A014,?,0042EA70,?,?,75923420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405D1D
                                • FindFirstFileW.KERNEL32(0042EA70,?,?,?,0040A014,?,0042EA70,?,?,75923420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405D2D
                                • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405DCD
                                • FindClose.KERNEL32(00000000), ref: 00405DDC
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000004.00000002.2198950495.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199073927.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000416000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000431000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000440000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199399363.0000000000451000.00000002.00000001.01000000.00000009.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                • String ID: C:\Users\user\AppData\Local\Temp\$\*.*$pB
                                • API String ID: 2035342205-1746305512
                                APIs
                                • CoCreateInstance.OLE32(004085E8,?,00000001,004085D8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040224E
                                Strings
                                • C:\Users\user\AppData\Roaming\RDBNT, xrefs: 0040228E
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000004.00000002.2198950495.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199073927.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000416000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000431000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000440000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199399363.0000000000451000.00000002.00000001.01000000.00000009.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: CreateInstance
                                • String ID: C:\Users\user\AppData\Roaming\RDBNT
                                • API String ID: 542301482-2153498286
                                APIs
                                • GetDlgItem.USER32(?,000003F9), ref: 00404F7B
                                • GetDlgItem.USER32(?,00000408), ref: 00404F86
                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404FD0
                                • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404FE7
                                • SetWindowLongW.USER32(?,000000FC,00405570), ref: 00405000
                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00405014
                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00405026
                                • SendMessageW.USER32(?,00001109,00000002), ref: 0040503C
                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405048
                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 0040505A
                                • DeleteObject.GDI32(00000000), ref: 0040505D
                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405088
                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405094
                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 0040512F
                                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040515F
                                  • Part of subcall function 0040452B: SendMessageW.USER32(00000028,?,00000001,00404356), ref: 00404539
                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405173
                                • GetWindowLongW.USER32(?,000000F0), ref: 004051A1
                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004051AF
                                • ShowWindow.USER32(?,00000005), ref: 004051BF
                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 004052BA
                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040531F
                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405334
                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405358
                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405378
                                • ImageList_Destroy.COMCTL32(?), ref: 0040538D
                                • GlobalFree.KERNEL32(?), ref: 0040539D
                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405416
                                • SendMessageW.USER32(?,00001102,?,?), ref: 004054BF
                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004054CE
                                • InvalidateRect.USER32(?,00000000,00000001), ref: 004054F9
                                • ShowWindow.USER32(?,00000000), ref: 00405547
                                • GetDlgItem.USER32(?,000003FE), ref: 00405552
                                • ShowWindow.USER32(00000000), ref: 00405559
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000004.00000002.2198950495.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199073927.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000416000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000431000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000440000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199399363.0000000000451000.00000002.00000001.01000000.00000009.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                • String ID: $M$N
                                • API String ID: 2564846305-813528018
                                APIs
                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404033
                                • ShowWindow.USER32(?), ref: 00404053
                                • GetWindowLongW.USER32(?,000000F0), ref: 00404065
                                • ShowWindow.USER32(?,00000004), ref: 0040407E
                                • DestroyWindow.USER32 ref: 00404092
                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 004040AB
                                • GetDlgItem.USER32(?,?), ref: 004040CA
                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004040DE
                                • IsWindowEnabled.USER32(00000000), ref: 004040E5
                                • GetDlgItem.USER32(?,00000001), ref: 00404190
                                • GetDlgItem.USER32(?,00000002), ref: 0040419A
                                • SetClassLongW.USER32(?,000000F2,?), ref: 004041B4
                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00404205
                                • GetDlgItem.USER32(?,00000003), ref: 004042AB
                                • ShowWindow.USER32(00000000,?), ref: 004042CC
                                • EnableWindow.USER32(?,?), ref: 004042DE
                                • EnableWindow.USER32(?,?), ref: 004042F9
                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040430F
                                • EnableMenuItem.USER32(00000000), ref: 00404316
                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040432E
                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404341
                                • lstrlenW.KERNEL32(0042CA68,?,0042CA68,00000000), ref: 0040436B
                                • SetWindowTextW.USER32(?,0042CA68), ref: 0040437F
                                • ShowWindow.USER32(?,0000000A), ref: 004044B3
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000004.00000002.2198950495.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199073927.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000416000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000431000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000440000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199399363.0000000000451000.00000002.00000001.01000000.00000009.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: Window$Item$MessageSendShow$EnableLong$Menu$ClassDestroyEnabledSystemTextlstrlen
                                • String ID:
                                • API String ID: 1860320154-0
                                • Opcode ID: 85e06a1bfb462d71b49bda8b571905cea54c43c8c85ee92c4a54339351a5f343
                                • Instruction ID: 8cad316efbf8f9c89f6feec2797fb874042f4abab253e3557332251604c97906
                                • Opcode Fuzzy Hash: 85e06a1bfb462d71b49bda8b571905cea54c43c8c85ee92c4a54339351a5f343
                                • Instruction Fuzzy Hash: C6C1A1B1500204BBDB206F61EE89E2B3AA8FB85755F01453EF751B51F0CB39A8529B2D
                                APIs
                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404753
                                • GetDlgItem.USER32(?,000003E8), ref: 00404767
                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404784
                                • GetSysColor.USER32(?), ref: 00404795
                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004047A3
                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004047B1
                                • lstrlenW.KERNEL32(?), ref: 004047B6
                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004047C3
                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004047D8
                                • GetDlgItem.USER32(?,0000040A), ref: 00404831
                                • SendMessageW.USER32(00000000), ref: 00404838
                                • GetDlgItem.USER32(?,000003E8), ref: 00404863
                                • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004048A6
                                • LoadCursorW.USER32(00000000,00007F02), ref: 004048B4
                                • SetCursor.USER32(00000000), ref: 004048B7
                                • LoadCursorW.USER32(00000000,00007F00), ref: 004048D0
                                • SetCursor.USER32(00000000), ref: 004048D3
                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404902
                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404914
                                Strings
                                • "C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l, xrefs: 00404892
                                • N, xrefs: 00404851
                                • ,F@, xrefs: 004048BF
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                • String ID: "C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l$,F@$N
                                • API String ID: 3103080414-2854563819
                                • Opcode ID: ffd7346a229d966f7877475afaa511d8b27e78dae7af650fbb9c2f9128a087cb
                                • Instruction ID: ccb0ec9a7d9d767aff215416cd1a2e620de701fb5c4a8d8609e67ea5798c0c5e
                                • Opcode Fuzzy Hash: ffd7346a229d966f7877475afaa511d8b27e78dae7af650fbb9c2f9128a087cb
                                • Instruction Fuzzy Hash: 046192F1900209BFDB10AF64DD85EAA7B69FB84315F00853AFB05B65E0C778A951CF98
                                APIs
                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                • BeginPaint.USER32(?,?), ref: 00401047
                                • GetClientRect.USER32(?,?), ref: 0040105B
                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                • DeleteObject.GDI32(?), ref: 004010ED
                                • CreateFontIndirectW.GDI32(?), ref: 00401105
                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                • DrawTextW.USER32(00000000,00433700,000000FF,00000010,00000820), ref: 00401156
                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                • DeleteObject.GDI32(?), ref: 00401165
                                • EndPaint.USER32(?,?), ref: 0040116E
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                • String ID: F
                                • API String ID: 941294808-1304234792
                                • Opcode ID: f8b3db801d2c504d9e2de6f85bac4b8fdc05036872983a9c428bf394377a2a15
                                • Instruction ID: eca0ad76d85821e0a7fbe67f508e5060b260b918cc65b70bf06bca200ae74670
                                • Opcode Fuzzy Hash: f8b3db801d2c504d9e2de6f85bac4b8fdc05036872983a9c428bf394377a2a15
                                • Instruction Fuzzy Hash: 2F418B71800209AFCB058FA5DE459AFBFB9FF45314F00802EF591AA1A0C738EA54DFA4
                                APIs
                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406358,?,?), ref: 004061F8
                                • GetShortPathNameW.KERNEL32(?,00430108,00000400), ref: 00406201
                                  • Part of subcall function 00405FCC: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004062B1,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FDC
                                  • Part of subcall function 00405FCC: lstrlenA.KERNEL32(00000000,?,00000000,004062B1,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040600E
                                • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 0040621E
                                • wsprintfA.USER32 ref: 0040623C
                                • GetFileSize.KERNEL32(00000000,00000000,00430908,C0000000,00000004,00430908,?,?,?,?,?), ref: 00406277
                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406286
                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004062BE
                                • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,0042FD08,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 00406314
                                • GlobalFree.KERNEL32(00000000), ref: 00406325
                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040632C
                                  • Part of subcall function 00406067: GetFileAttributesW.KERNELBASE(00000003,004030E2,00442800,80000000,00000003), ref: 0040606B
                                  • Part of subcall function 00406067: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040608D
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                • String ID: %ls=%ls$[Rename]
                                • API String ID: 2171350718-461813615
                                • Opcode ID: 67e7abcb15a3b792ff514517dbaa51231beb97817eaf9b334bdc8e12bec0558b
                                • Instruction ID: 21ba76f912769f78f8e3df01d85e3e27af82f360ac84a16f7af8f01611abcd2b
                                • Opcode Fuzzy Hash: 67e7abcb15a3b792ff514517dbaa51231beb97817eaf9b334bdc8e12bec0558b
                                • Instruction Fuzzy Hash: 66314330240325BBD2206B659D48F6B3B6CDF45708F16043EFD42B62C2DA3C982486BD
                                APIs
                                • GetWindowLongW.USER32(?,000000EB), ref: 0040457A
                                • GetSysColor.USER32(00000000), ref: 004045B8
                                • SetTextColor.GDI32(?,00000000), ref: 004045C4
                                • SetBkMode.GDI32(?,?), ref: 004045D0
                                • GetSysColor.USER32(?), ref: 004045E3
                                • SetBkColor.GDI32(?,?), ref: 004045F3
                                • DeleteObject.GDI32(?), ref: 0040460D
                                • CreateBrushIndirect.GDI32(?), ref: 00404617
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                • String ID:
                                • API String ID: 2320649405-0
                                • Opcode ID: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
                                • Instruction ID: 3bf72a8e0ffa46ee4049c610ab3cabbd6d50cfb344f29d4a8179c655b9565abb
                                • Opcode Fuzzy Hash: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
                                • Instruction Fuzzy Hash: 5C2165B1500B04ABC7319F38DE08B577BF4AF41715F04892EEA96A26E0D739D944CB54
                                APIs
                                • ReadFile.KERNEL32(?,?,?,?), ref: 0040277D
                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004027B8
                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027DB
                                • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027F1
                                  • Part of subcall function 00406148: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040615E
                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040289D
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: File$Pointer$ByteCharMultiWide$Read
                                • String ID: 9
                                • API String ID: 163830602-2366072709
                                • Opcode ID: e6852b5c5fbfd8bc876860f3b14f1bcaed0b753dd9a04d4db6e12186382bd870
                                • Instruction ID: d1aefac9689752b6b3ea6a4f87dd4281ecbe68d6f3974aa7f4e2ef829afcd0bd
                                • Opcode Fuzzy Hash: e6852b5c5fbfd8bc876860f3b14f1bcaed0b753dd9a04d4db6e12186382bd870
                                • Instruction Fuzzy Hash: 66510C75D04119AADF20EFD4CA85AAEBBB9FF44304F14817BE501B62D0D7B89D828B58
                                APIs
                                • lstrlenW.KERNEL32(0042BA48,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,0040343D,00000000,?), ref: 00405634
                                • lstrlenW.KERNEL32(0040343D,0042BA48,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,0040343D,00000000), ref: 00405644
                                • lstrcatW.KERNEL32(0042BA48,0040343D,0040343D,0042BA48,00000000,?,759223A0), ref: 00405657
                                • SetWindowTextW.USER32(0042BA48,0042BA48), ref: 00405669
                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040568F
                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004056A9
                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 004056B7
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                • String ID:
                                • API String ID: 2531174081-0
                                • Opcode ID: 7a9b63bfacfea3e7ee08c26d0c930c27eafc8712a75251909ef17a9a102c325c
                                • Instruction ID: 60923f6e922cea494a698f26c75bee70e53a21f42b4b77269416c2a585f1ce57
                                • Opcode Fuzzy Hash: 7a9b63bfacfea3e7ee08c26d0c930c27eafc8712a75251909ef17a9a102c325c
                                • Instruction Fuzzy Hash: 9A21A171900258BACB119FA5ED449DFBFB4EF45310F50843AF908B22A0C3794A40CFA8
                                APIs
                                • CharNextW.USER32(?,*?|<>/":,00000000,0043F000,75923420,C:\Users\user\AppData\Local\Temp\,00000000,0040352D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 00406888
                                • CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406897
                                • CharNextW.USER32(?,0043F000,75923420,C:\Users\user\AppData\Local\Temp\,00000000,0040352D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 0040689C
                                • CharPrevW.USER32(?,?,75923420,C:\Users\user\AppData\Local\Temp\,00000000,0040352D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 004068AF
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: Char$Next$Prev
                                • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                • API String ID: 589700163-1201062745
                                • Opcode ID: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
                                • Instruction ID: bedb2e6347f460b6a244a356934bd0223db9426f0f89d28790e15ec7ef568a4f
                                • Opcode Fuzzy Hash: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
                                • Instruction Fuzzy Hash: C911B66780221295DB303B148C40A7762A8AF59754F56C43FED86732C0E77C5C9282AD
                                APIs
                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404ECC
                                • GetMessagePos.USER32 ref: 00404ED4
                                • ScreenToClient.USER32(?,?), ref: 00404EEE
                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404F00
                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404F26
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: Message$Send$ClientScreen
                                • String ID: f
                                • API String ID: 41195575-1993550816
                                • Opcode ID: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                • Instruction ID: fe1e2a7802b6c51c8f018a14413b1ee553013da7dc16083b389f375565560bf3
                                • Opcode Fuzzy Hash: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                • Instruction Fuzzy Hash: 20015E71900219BADB00DB94DD85BFEBBBCAF95711F10412BBB51B61D0C7B4AA418BA4
                                APIs
                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FD6
                                • MulDiv.KERNEL32(09A3F43F,00000064,?), ref: 00403001
                                • wsprintfW.USER32 ref: 00403011
                                • SetWindowTextW.USER32(?,?), ref: 00403021
                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403033
                                Strings
                                • verifying installer: %d%%, xrefs: 0040300B
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: Text$ItemTimerWindowwsprintf
                                • String ID: verifying installer: %d%%
                                • API String ID: 1451636040-82062127
                                • Opcode ID: 492ce7ecf44becc2b6f328ccb1258d65c9f2870c51930cf6044baf7ee7e6d13e
                                • Instruction ID: de78d71e2fb772fb87643f85aa6fa794cb5f2d0f129fd79c7e15704eeb750e6f
                                • Opcode Fuzzy Hash: 492ce7ecf44becc2b6f328ccb1258d65c9f2870c51930cf6044baf7ee7e6d13e
                                • Instruction Fuzzy Hash: 85014F71640208BBEF209F60DD49FEE3B79AB04344F008039FA02B51D0DBB996559B59
                                APIs
                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029D6
                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029F2
                                • GlobalFree.KERNEL32(?), ref: 00402A2B
                                • GlobalFree.KERNEL32(00000000), ref: 00402A3E
                                • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A5A
                                • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A6D
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                • String ID:
                                • API String ID: 2667972263-0
                                • Opcode ID: bf19edcd9f5006e680e916d6cdac36739c80b8922926ab7d8fccc2e42281a72c
                                • Instruction ID: fd7949a1005e62e73a365a75524f2bbb059e9229dbd09bef2f8decdc6a7611be
                                • Opcode Fuzzy Hash: bf19edcd9f5006e680e916d6cdac36739c80b8922926ab7d8fccc2e42281a72c
                                • Instruction Fuzzy Hash: FA31A271D00124BBCF21AFA5CE89D9E7E79AF45324F14423AF421762E1CB798D418FA8
                                APIs
                                • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F22
                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F6E
                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F77
                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F8E
                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F99
                                Similarity
                                • API ID: CloseEnum$DeleteValue
                                • String ID:
                                • API String ID: 1354259210-0
                                • Opcode ID: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
                                • Instruction ID: 446d876c474c9d83549856ad9cac23e68bb7371358ae7480bd0e7fa7c4692e5e
                                • Opcode Fuzzy Hash: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
                                • Instruction Fuzzy Hash: 1D212A7150010ABFDF129F90CE89EEF7A7DEB54388F110076B909B21E0E7B58E54AA64
                                APIs
                                • GetDlgItem.USER32(?,?), ref: 00401DBF
                                • GetClientRect.USER32(?,?), ref: 00401E0A
                                • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E3A
                                • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E4E
                                • DeleteObject.GDI32(00000000), ref: 00401E5E
                                Similarity
                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                • String ID:
                                • API String ID: 1849352358-0
                                • Opcode ID: 81c9bb8771d2fff4a04963bae7b32cf8a9b6882c20dc3426dc9c78dd315e4f46
                                • Instruction ID: c57303c31a56d7bc8f2a0c5af16d3cdd50a2ae23bf22298ce01a5789fd7b985b
                                • Opcode Fuzzy Hash: 81c9bb8771d2fff4a04963bae7b32cf8a9b6882c20dc3426dc9c78dd315e4f46
                                • Instruction Fuzzy Hash: B9211972900119AFCB05DF98DE45AEEBBB5EB08354F14003AFA45F62A0D7789D81DB98
                                APIs
                                • GetDC.USER32(?), ref: 00401E76
                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E90
                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E98
                                • ReleaseDC.USER32(?,00000000), ref: 00401EA9
                                • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401EF8
                                Similarity
                                • API ID: CapsCreateDeviceFontIndirectRelease
                                • String ID:
                                • API String ID: 3808545654-0
                                • Opcode ID: d16b9d3e65f9976eb005c53eb2d4e9b3ac670e2d85412e8b50a51612330472b7
                                • Instruction ID: 32ce691c062fdf7882ca7c79f7dc95dd78c7e40f541a0607bb82830de01dd458
                                • Opcode Fuzzy Hash: d16b9d3e65f9976eb005c53eb2d4e9b3ac670e2d85412e8b50a51612330472b7
                                • Instruction Fuzzy Hash: 3C017171905250EFE7005BB4EE49BDD3FA4AB19301F208A7AF142B61E2CBB904458BED
                                APIs
                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CD8
                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CF0
                                Strings
                                Similarity
                                • API ID: MessageSend$Timeout
                                • String ID: !
                                • API String ID: 1777923405-2657877971
                                • Opcode ID: a637eb720a8cb25f7279c4c7dfa93e68b81a041eba1bee5adc213dda34b2fd0f
                                • Instruction ID: 1a2acd516b32d4a8bba1f086ee74ddb70cdd2400578aaa813c3bd98b8eca9c32
                                • Opcode Fuzzy Hash: a637eb720a8cb25f7279c4c7dfa93e68b81a041eba1bee5adc213dda34b2fd0f
                                • Instruction Fuzzy Hash: 1121A071D1421AAEEB05AFA4D94AAFE7BB0EF44304F10453FF501B61D0D7B88941DB98
                                APIs
                                • lstrlenW.KERNEL32(0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E44
                                • wsprintfW.USER32 ref: 00404E4D
                                • SetDlgItemTextW.USER32(?,0042CA68), ref: 00404E60
                                Strings
                                Similarity
                                • API ID: ItemTextlstrlenwsprintf
                                • String ID: %u.%u%s%s
                                • API String ID: 3540041739-3551169577
                                • Opcode ID: 2c674a3dc48973326ebd454f1002488dce618ddc5f98b18a2ee0300ee1e706a4
                                • Instruction ID: f1ad69e943298bab6ea0b6c220370dbc78873d19d133ff1b34b391d97265b774
                                • Opcode Fuzzy Hash: 2c674a3dc48973326ebd454f1002488dce618ddc5f98b18a2ee0300ee1e706a4
                                • Instruction Fuzzy Hash: 3011EB336041287BDB10566DAC45E9E329CDF85374F250237FE25F21D5E978C92182E8
                                APIs
                                • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040353F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 00405E4C
                                • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040353F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 00405E56
                                • lstrcatW.KERNEL32(?,0040A014,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405E68
                                Strings
                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E46
                                Similarity
                                • API ID: CharPrevlstrcatlstrlen
                                • String ID: C:\Users\user\AppData\Local\Temp\
                                • API String ID: 2659869361-823278215
                                • Opcode ID: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                • Instruction ID: f2f0f64a112d89f35c11d852d44423d34ca235ab8761dbed5ccf1744ff487032
                                • Opcode Fuzzy Hash: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                • Instruction Fuzzy Hash: C2D05E31101534AAC6116F54AD04DDB62AC9E46384381483BF541B20A5C778595186FD
                                APIs
                                • DestroyWindow.USER32(?,00000000,0040321C,00000001), ref: 00403051
                                • GetTickCount.KERNEL32 ref: 0040306F
                                • CreateDialogParamW.USER32(0000006F,00000000,00402FB8,00000000), ref: 0040308C
                                • ShowWindow.USER32(00000000,00000005), ref: 0040309A
                                Similarity
                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                • String ID:
                                • API String ID: 2102729457-0
                                • Opcode ID: dba963b85b565a1be4b34eea4ba853e9dad76a83014f6dce089c5eda9641480c
                                • Instruction ID: e0f0fd039426b51c9db09d8e0aed7b7b9f53d87474512ec8403aba9b2c913b41
                                • Opcode Fuzzy Hash: dba963b85b565a1be4b34eea4ba853e9dad76a83014f6dce089c5eda9641480c
                                • Instruction Fuzzy Hash: 93F05470602A21ABC6216F50FE09A9B7B69FB45B12B41043AF545B11ACCB384891CB9D
                                APIs
                                  • Part of subcall function 00406577: lstrcpynW.KERNEL32(?,?,00000400,004036C4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406584
                                  • Part of subcall function 00405EF1: CharNextW.USER32(?,?,0042F270,?,00405F65,0042F270,0042F270,75923420,?,C:\Users\user\AppData\Local\Temp\,00405CA3,?,75923420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405EFF
                                  • Part of subcall function 00405EF1: CharNextW.USER32(00000000), ref: 00405F04
                                  • Part of subcall function 00405EF1: CharNextW.USER32(00000000), ref: 00405F1C
                                • lstrlenW.KERNEL32(0042F270,00000000,0042F270,0042F270,75923420,?,C:\Users\user\AppData\Local\Temp\,00405CA3,?,75923420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405FA7
                                • GetFileAttributesW.KERNEL32(0042F270,0042F270,0042F270,0042F270,0042F270,0042F270,00000000,0042F270,0042F270,75923420,?,C:\Users\user\AppData\Local\Temp\,00405CA3,?,75923420,C:\Users\user\AppData\Local\Temp\), ref: 00405FB7
                                Strings
                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F4E
                                Similarity
                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                • String ID: C:\Users\user\AppData\Local\Temp\
                                • API String ID: 3248276644-823278215
                                • Opcode ID: 7c21406a6ebf8fc224ae0ccc6b020e70a1639b7280e68367676f2d78d50147cb
                                • Instruction ID: 6a7a19aedd3560da6e477bd72522a8c235124595f9c35bb96c459409ca5d5c37
                                • Opcode Fuzzy Hash: 7c21406a6ebf8fc224ae0ccc6b020e70a1639b7280e68367676f2d78d50147cb
                                • Instruction Fuzzy Hash: 28F0F42A105E6369C622333A5C05AAF1954CE86324B5A453FBC91F22C5CF3C8A42CDBE
                                APIs
                                • IsWindowVisible.USER32(?), ref: 0040559F
                                • CallWindowProcW.USER32(?,?,?,?), ref: 004055F0
                                  • Part of subcall function 00404542: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404554
                                Strings
                                Similarity
                                • API ID: Window$CallMessageProcSendVisible
                                • String ID:
                                • API String ID: 3748168415-3916222277
                                • Opcode ID: 831ed5cf29225e66f7bf56ab76169cd98d2ca93c2364028159cf8fc7ca140134
                                • Instruction ID: f144bc20a23b2fc1dad06cc698734642626ca736bc3518a3bbd7873959a32aa8
                                • Opcode Fuzzy Hash: 831ed5cf29225e66f7bf56ab76169cd98d2ca93c2364028159cf8fc7ca140134
                                • Instruction Fuzzy Hash: 21017171100608BBDF219F11DD84A9F376BEB84794F204037FA027A1D9C7398D529A69
                                APIs
                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,0042BA48,?,00000800,00000000,?,0042BA48,?,?,"C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l,?,00000000,004066B6,80000002), ref: 0040648B
                                • RegCloseKey.ADVAPI32(?), ref: 00406496
                                Strings
                                • "C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l, xrefs: 0040644C
                                Similarity
                                • API ID: CloseQueryValue
                                • String ID: "C:\Users\user\AppData\Roaming\RDBNT\jre\bin\javaw.exe" -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 -classpath "l
                                • API String ID: 3356406503-1648896867
                                • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                • Instruction ID: 39ab2095516423f533248995afa5b88f9e2e33bd0920f2eea258779ff0fd120f
                                • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                • Instruction Fuzzy Hash: AB017C72500209AADF21CF51CC09EDB3BACFB55364F01803AFD1AA21A0D778D964DBA8
                                APIs
                                • FreeLibrary.KERNEL32(?,75923420,00000000,C:\Users\user\AppData\Local\Temp\,00403B8C,00403AA2,?,?,00000008,0000000A,0000000C), ref: 00403BCE
                                • GlobalFree.KERNEL32(?), ref: 00403BD5
                                Strings
                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403BB4
                                Similarity
                                • API ID: Free$GlobalLibrary
                                • String ID: C:\Users\user\AppData\Local\Temp\
                                • API String ID: 1100898210-823278215
                                • Opcode ID: 522759d04011631da2fa13ba2704cf46823a2ab452b41ebb0ecea140ccdeae61
                                • Instruction ID: 378dd3650374f781d23bf779db5809bbac3881e8a2166d277484928c36cee721
                                • Opcode Fuzzy Hash: 522759d04011631da2fa13ba2704cf46823a2ab452b41ebb0ecea140ccdeae61
                                • Instruction Fuzzy Hash: 20E08C336204205BC6311F15AE05B1A77786F89B2AF01402AE8407B2628BB47C528FC8
                                APIs
                                • lstrlenW.KERNEL32(80000000,C:\users\public,0040310E,C:\users\public,C:\users\public,00442800,00442800,80000000,00000003), ref: 00405E98
                                • CharPrevW.USER32(80000000,00000000,80000000,C:\users\public,0040310E,C:\users\public,C:\users\public,00442800,00442800,80000000,00000003), ref: 00405EA8
                                Strings
                                Similarity
                                • API ID: CharPrevlstrlen
                                • String ID: C:\users\public
                                • API String ID: 2709904686-2565504569
                                • Opcode ID: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
                                • Instruction ID: f09b3c5ebc87e5286f4ae90cf2a9e4f9baad7a67d9a69d6c991adc66958b5f71
                                • Opcode Fuzzy Hash: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
                                • Instruction Fuzzy Hash: 40D05EB28019209ED3226B04EC0499F73A8EF123107868826E980A61A5D7785D818AEC
                                APIs
                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004062B1,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FDC
                                • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FF4
                                • CharNextA.USER32(00000000,?,00000000,004062B1,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406005
                                • lstrlenA.KERNEL32(00000000,?,00000000,004062B1,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040600E
                                Memory Dump Source
                                • Source File: 00000004.00000002.2199042061.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000004.00000002.2198950495.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199073927.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000416000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000431000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199098224.0000000000440000.00000004.00000001.01000000.00000009.sdmp
                                • Associated: 00000004.00000002.2199399363.0000000000451000.00000002.00000001.01000000.00000009.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_400000_123.jbxd
                                Similarity
                                • API ID: lstrlen$CharNextlstrcmpi
                                • String ID:
                                • API String ID: 190613189-0
                                • Opcode ID: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
                                • Instruction ID: b896d6fd3cda69cb85c158c7a33f171d68b8f81fed19edc6c2f6f75b2124ada4
                                • Opcode Fuzzy Hash: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
                                • Instruction Fuzzy Hash: 64F0F631104418FFC702DFA5DD00D9EBBA8EF45350B2200B9E841FB250D674DE11AB68

                                Execution Graph

                                Execution Coverage:1%
                                Dynamic/Decrypted Code Coverage:0%
                                Signature Coverage:2.4%
                                Total number of Nodes:1236
                                Total number of Limit Nodes:20
78643->78573 78644->78596 78645->78613 78646->78616 78647->78621 78648->78616 78649->78573 78650->78614 78651->78597 78652->78616 78653->78512 78654->78514 78656 29c11 78655->78656 78657 29bfd 78655->78657 78659 29c0d 78656->78659 78674 2ab4a 78656->78674 78684 2ab01 66 API calls __getptd_noexit 78657->78684 78673 29cc5 LeaveCriticalSection LeaveCriticalSection _vwprintf_helper 78659->78673 78660 29c02 78685 2d2d6 11 API calls _fgets 78660->78685 78666 31fd7 _fgets 66 API calls 78667 29c2b 78666->78667 78668 32135 __close 72 API calls 78667->78668 78669 29c31 78668->78669 78669->78659 78686 28dd0 66 API calls 2 library calls 78669->78686 78671->78390 78672->78394 78673->78394 78675 29c1d 78674->78675 78676 2ab63 78674->78676 78680 321f9 78675->78680 78676->78675 78677 31fd7 _fgets 66 API calls 78676->78677 78678 2ab7e 78677->78678 78687 3334a 97 API calls 5 library calls 78678->78687 78681 32209 78680->78681 78683 29c25 78680->78683 78681->78683 78688 28dd0 66 API calls 2 library calls 78681->78688 78683->78666 78684->78660 78685->78659 78686->78659 78687->78675 78688->78683 78689->77972 78690->77961 78691->77972 78692->77961 78694 24d04 78693->78694 78695 24d52 78693->78695 78696 247b7 177 API calls 78694->78696 78697 296e8 __call_reportfault 5 API calls 78695->78697 78699 24d12 _strlen 78696->78699 78698 24dbe LoadLibraryA 78697->78698 78698->77723 78698->77724 78699->78695 78700 24d57 78699->78700 78701 24d48 78699->78701 78703 23971 99 API calls 78700->78703 78714 23ba3 105 API calls 5 library calls 78701->78714 78704 24d73 78703->78704 78711 2ae7d 78704->78711 78707 24d85 LoadLibraryA 78707->78695 78708 24d93 78707->78708 78715 23ba3 105 API calls 5 library calls 78708->78715 78710->77728 78716 2adfe 78711->78716 78714->78695 78715->78695 78717 2ae25 78716->78717 78718 2ae0b 78716->78718 78717->78718 78719 2ae2e GetFileAttributesA 78717->78719 78734 2ab14 66 API calls __getptd_noexit 78718->78734 78721 2ae3c GetLastError 78719->78721 78724 2ae52 78719->78724 
78737 2ab27 66 API calls 2 library calls 78721->78737 78722 2ae10 78735 2ab01 66 API calls __getptd_noexit 78722->78735 78725 24d7e 78724->78725 78739 2ab14 66 API calls __getptd_noexit 78724->78739 78725->78695 78725->78707 78727 2ae48 78738 2ab01 66 API calls __getptd_noexit 78727->78738 78728 2ae17 78736 2d2d6 11 API calls _fgets 78728->78736 78732 2ae65 78740 2ab01 66 API calls __getptd_noexit 78732->78740 78734->78722 78735->78728 78736->78725 78737->78727 78738->78725 78739->78732 78740->78727 78741->77730 78742->77742 78743->77742 78744->77734 78745->77734 78747 28bb6 __wgetenv 99 API calls 78746->78747 78748 21dc1 78747->78748 78749 28bb6 __wgetenv 99 API calls 78748->78749 78750 21dce 78749->78750 78780 21eaa 78750->78780 78785 2557a 179 API calls 78750->78785 78752 21ded 78753 21df7 78752->78753 78754 21e4f 78752->78754 78755 21e06 78753->78755 78786 26124 83 API calls 2 library calls 78753->78786 78791 25511 179 API calls 78754->78791 78760 21e21 78755->78760 78787 26124 83 API calls 2 library calls 78755->78787 78759 21e54 78761 21e71 78759->78761 78762 21e5a 78759->78762 78763 21e44 78760->78763 78788 25511 179 API calls 78760->78788 78794 254f1 179 API calls 78761->78794 78792 25551 179 API calls 78762->78792 78795 25531 179 API calls 78763->78795 78766 21e66 78793 254f1 179 API calls 78766->78793 78769 21e2f 78789 25551 179 API calls 78769->78789 78772 21e90 78796 243a4 130 API calls 2 library calls 78772->78796 78773 21e3b 78790 254d1 179 API calls 78773->78790 78776 21e9a 78797 243a4 130 API calls 2 library calls 78776->78797 78778 21ea0 78798 243a4 130 API calls 2 library calls 78778->78798 78780->77756 78782 2334c _memset 78781->78782 78799 24f6f 78782->78799 78784 233aa 78784->77620 78785->78752 78786->78755 78787->78760 78788->78769 78789->78773 78790->78763 78791->78759 78792->78766 78793->78763 78794->78763 78795->78772 78796->78776 78797->78778 78798->78780 78820 2af5a 78799->78820 78802 24fb2 78804 28bb6 __wgetenv 99 API calls 78802->78804 
78815 25050 78802->78815 78803 2af5a 128 API calls 78803->78802 78806 24fce 78804->78806 78805 25058 WaitForSingleObject GetExitCodeThread CloseHandle 78807 25075 78805->78807 78810 24fdf 78806->78810 78841 3b3b9 85 API calls 2 library calls 78806->78841 78807->78784 78809 28bb6 __wgetenv 99 API calls 78811 24ff6 78809->78811 78810->78809 78812 25004 78811->78812 78842 3b3b9 85 API calls 2 library calls 78811->78842 78814 2502d 78812->78814 78812->78815 78843 3b3b9 85 API calls 2 library calls 78812->78843 78814->78815 78816 25045 78814->78816 78815->78805 78815->78807 78844 24e3a 185 API calls 2 library calls 78816->78844 78819 2504f 78819->78815 78821 2af6a 78820->78821 78822 2af7e 78820->78822 78845 2ab01 66 API calls __getptd_noexit 78821->78845 78823 2d34f ___set_flsgetvalue 3 API calls 78822->78823 78826 2af84 78823->78826 78825 2af6f 78846 2d2d6 11 API calls _fgets 78825->78846 78828 2fe3d __calloc_crt 66 API calls 78826->78828 78829 2af90 78828->78829 78830 2afe1 78829->78830 78832 2d50a __getptd 66 API calls 78829->78832 78847 28dd0 66 API calls 2 library calls 78830->78847 78834 2af9d 78832->78834 78833 2afe7 78838 24f94 78833->78838 78848 2ab27 66 API calls 2 library calls 78833->78848 78835 2d3dd __initptd 66 API calls 78834->78835 78837 2afa6 CreateThread 78835->78837 78837->78838 78840 2afd9 GetLastError 78837->78840 78849 2aef5 78837->78849 78838->78802 78838->78803 78840->78830 78841->78810 78842->78812 78843->78814 78844->78819 78845->78825 78846->78838 78847->78833 78848->78838 78850 2d34f ___set_flsgetvalue 3 API calls 78849->78850 78851 2af00 78850->78851 78864 2d32f TlsGetValue 78851->78864 78854 2af39 78866 2d524 78854->78866 78855 2af0f 78912 2d383 DecodePointer 78855->78912 78857 2af54 78902 2aeb4 78857->78902 78860 2af1e 78862 2af22 GetLastError ExitThread 78860->78862 78863 2af2f GetCurrentThreadId 78860->78863 78863->78857 78865 2af0b 78864->78865 78865->78854 78865->78855 78867 2d530 _fgets 78866->78867 78868 2d548 78867->78868 78870 
2d632 _fgets 78867->78870 78913 28dd0 66 API calls 2 library calls 78867->78913 78869 2d556 78868->78869 78914 28dd0 66 API calls 2 library calls 78868->78914 78873 2d564 78869->78873 78915 28dd0 66 API calls 2 library calls 78869->78915 78870->78857 78875 2d572 78873->78875 78916 28dd0 66 API calls 2 library calls 78873->78916 78877 2d580 78875->78877 78917 28dd0 66 API calls 2 library calls 78875->78917 78878 2d58e 78877->78878 78918 28dd0 66 API calls 2 library calls 78877->78918 78881 2d59c 78878->78881 78919 28dd0 66 API calls 2 library calls 78878->78919 78883 2d5ad 78881->78883 78920 28dd0 66 API calls 2 library calls 78881->78920 78885 2ceac __lock 66 API calls 78883->78885 78886 2d5b5 78885->78886 78887 2d5c1 InterlockedDecrement 78886->78887 78888 2d5da 78886->78888 78887->78888 78889 2d5cc 78887->78889 78922 2d63e LeaveCriticalSection _doexit 78888->78922 78889->78888 78921 28dd0 66 API calls 2 library calls 78889->78921 78891 2d5e7 78893 2ceac __lock 66 API calls 78891->78893 78894 2d5ee 78893->78894 78901 2d61f 78894->78901 78923 34fb5 8 API calls 78894->78923 78897 2d62c 78926 28dd0 66 API calls 2 library calls 78897->78926 78899 2d603 78899->78901 78924 3504e 66 API calls 4 library calls 78899->78924 78925 2d64a LeaveCriticalSection _doexit 78901->78925 78903 2aec0 _fgets 78902->78903 78904 2d50a __getptd 66 API calls 78903->78904 78905 2aec5 78904->78905 78927 21ff3 78905->78927 78908 2aed5 78909 2ef45 __XcptFilter 66 API calls 78908->78909 78910 2aee6 78909->78910 78912->78860 78913->78868 78914->78869 78915->78873 78916->78875 78917->78877 78918->78878 78919->78881 78920->78883 78921->78888 78922->78891 78923->78899 78924->78901 78925->78897 78926->78870 78928 2202c 78927->78928 78929 23ad9 2 API calls 78928->78929 78930 22031 78929->78930 78985 2141d 78930->78985 78932 22047 78933 22060 78932->78933 79060 23ba3 105 API calls 5 library calls 78932->79060 78938 22072 78933->78938 79062 21a28 107 API calls 78933->79062 78935 22058 79061 28a0a 66 API 
calls _doexit 78935->79061 78943 22080 78938->78943 78951 2212a 78938->78951 79065 219d2 107 API calls 78938->79065 78940 220d2 78944 220e0 78940->78944 78945 220fa 78940->78945 78942 222ce 78942->78943 78950 222e0 78942->78950 79063 23d4c MessageBoxA 78943->79063 79066 23d4c MessageBoxA 78944->79066 78948 22103 78945->78948 78945->78951 78973 220a0 78948->78973 79067 23ba3 105 API calls 5 library calls 78948->79067 78949 22088 78949->78973 79064 23ba3 105 API calls 5 library calls 78949->79064 78950->78973 79074 23ba3 105 API calls 5 library calls 78950->79074 78955 23ad9 2 API calls 78951->78955 78958 22180 78951->78958 78977 2229c 78951->78977 78956 22169 78955->78956 78962 23971 99 API calls 78956->78962 78957 221cf 78997 21685 78957->78997 78958->78957 79068 28a72 104 API calls 6 library calls 78958->79068 78961 221a0 79069 28a72 104 API calls 6 library calls 78961->79069 78962->78958 78964 221ad 78964->78957 79070 28a72 104 API calls 6 library calls 78964->79070 78967 221f4 79071 23ba3 105 API calls 5 library calls 78967->79071 78970 2220b 78971 2220f 78970->78971 78974 22222 78970->78974 79072 23ba3 105 API calls 5 library calls 78971->79072 78978 2ae95 78973->78978 78974->78943 78974->78967 79022 2451d 78974->79022 78976 2227e 78976->78943 78976->78967 78976->78977 79073 21ab9 107 API calls 78977->79073 78979 2d491 __getptd_noexit 66 API calls 78978->78979 78980 2ae9f 78979->78980 78981 2aea3 78980->78981 78982 2aeaa ExitThread 78980->78982 79117 2d653 79 API calls __freefls@4 78981->79117 78984 2aea9 78984->78982 78986 21431 _memset 78985->78986 78990 214c4 78986->78990 79075 28a72 104 API calls 6 library calls 78986->79075 78988 21462 79076 28a72 104 API calls 6 library calls 78988->79076 78990->78932 78991 2146f 79077 28a72 104 API calls 6 library calls 78991->79077 78993 2148d 79078 28a72 104 API calls 6 library calls 78993->79078 78995 2149a 78995->78990 79079 28a72 104 API calls 6 library calls 78995->79079 79080 214eb 78997->79080 79000 2169c 79095 
23ba3 105 API calls 5 library calls 79000->79095 79002 216bc 79005 2170f 79002->79005 79086 2151b 79002->79086 79003 216ae 79003->79002 79004 23ad9 2 API calls 79003->79004 79004->79002 79096 23ba3 105 API calls 5 library calls 79005->79096 79009 216a6 79009->78943 79009->78967 79016 2175d 79009->79016 79010 2171e 79010->79009 79011 23ad9 2 API calls 79010->79011 79012 2172c 79011->79012 79097 28a72 104 API calls 6 library calls 79012->79097 79014 21744 79098 28a72 104 API calls 6 library calls 79014->79098 79017 214eb 107 API calls 79016->79017 79018 21764 79017->79018 79021 21792 79018->79021 79109 23ba3 105 API calls 5 library calls 79018->79109 79020 21775 79020->78970 79021->78970 79023 214eb 107 API calls 79022->79023 79024 2452f 79023->79024 79025 24546 79024->79025 79026 24537 79024->79026 79028 2454e 79025->79028 79031 24562 79025->79031 79110 23ba3 105 API calls 5 library calls 79026->79110 79111 215ee 107 API calls 79028->79111 79030 24541 79030->78976 79112 244ac 100 API calls 79031->79112 79033 2457d 79034 24584 79033->79034 79035 245ae __tzset_nolock 79033->79035 79036 23971 99 API calls 79034->79036 79038 245e6 79035->79038 79039 245c9 79035->79039 79037 24590 79036->79037 79040 23971 99 API calls 79037->79040 79042 23904 97 API calls 79038->79042 79041 23971 99 API calls 79039->79041 79043 2459a 79040->79043 79044 245d3 79041->79044 79051 245f1 __tzset_nolock _strlen 79042->79051 79113 215ee 107 API calls 79043->79113 79046 23971 99 API calls 79044->79046 79047 245df 79046->79047 79114 215ee 107 API calls 79047->79114 79049 23904 97 API calls 79049->79051 79050 23b5d 102 API calls 79050->79051 79051->79047 79051->79049 79051->79050 79052 23971 99 API calls 79051->79052 79053 24695 79051->79053 79059 2455a 79051->79059 79052->79051 79053->79047 79054 246cf 79053->79054 79055 246ef 79054->79055 79056 246fd 79054->79056 79115 23ba3 105 API calls 5 library calls 79055->79115 79116 215ee 107 API calls 79056->79116 79059->78976 79060->78935 79061->78933 
79062->78938 79063->78949 79064->78973 79065->78940 79066->78949 79067->78973 79068->78961 79069->78964 79070->78964 79071->78949 79072->78973 79073->78942 79074->78973 79075->78988 79076->78991 79077->78993 79078->78995 79079->78995 79081 214f4 79080->79081 79082 21517 79080->79082 79099 243ef 79081->79099 79082->79000 79082->79003 79084 21502 79084->79082 79106 23ba3 105 API calls 5 library calls 79084->79106 79087 21528 _strlen 79086->79087 79088 214eb 107 API calls 79087->79088 79089 21530 79088->79089 79090 21539 79089->79090 79092 21548 79089->79092 79107 23ba3 105 API calls 5 library calls 79090->79107 79094 21543 79092->79094 79108 23ba3 105 API calls 5 library calls 79092->79108 79094->79005 79094->79009 79094->79010 79095->79009 79096->79009 79097->79014 79098->79009 79100 243f9 GetModuleHandleA 79099->79100 79103 24431 79099->79103 79101 2440c GetProcAddress 79100->79101 79105 24408 79100->79105 79102 24422 79101->79102 79101->79103 79104 23ba3 105 API calls 79102->79104 79103->79084 79104->79105 79105->79084 79106->79082 79107->79094 79108->79094 79109->79020 79110->79030 79111->79059 79112->79033 79113->79059 79114->79059 79115->79059 79116->79059 79117->78984 79118->77769 79119->77772 79120->77771 79121->77786 79122->77792 79123->77793 79124->77792 79125->77802 79126 6b96472c 79127 6b964737 79126->79127 79128 6b96473c 79126->79128 79140 6b964ac4 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 79127->79140 79132 6b964616 79128->79132 79131 6b96474a 79133 6b964622 ___DllMainCRTStartup 79132->79133 79135 6b964649 ___DllMainCRTStartup 79133->79135 79138 6b96467d 79133->79138 79141 6b96440c 79133->79141 79135->79131 79136 6b9646ad 79136->79135 79137 6b96440c __CRT_INIT@12 19 API calls 79136->79137 79137->79135 79138->79135 79138->79136 79139 6b96440c __CRT_INIT@12 19 API calls 79138->79139 79139->79136 79140->79128 79145 6b96444f 79141->79145 79147 6b96441d 79141->79147 79142 6b964448 
__IsNonwritableInCurrentImage 79142->79138 79143 6b964532 InterlockedCompareExchange 79143->79147 79148 6b96453c 79143->79148 79144 6b964485 InterlockedCompareExchange 79144->79145 79146 6b96448d 79144->79146 79145->79142 79145->79144 79145->79146 79149 6b964478 Sleep 79145->79149 79151 6b9644a2 _amsg_exit 79146->79151 79152 6b9644ab _initterm_e 79146->79152 79147->79142 79147->79143 79147->79148 79150 6b964527 Sleep 79147->79150 79153 6b96454f _amsg_exit 79148->79153 79154 6b96455c DecodePointer 79148->79154 79149->79144 79150->79143 79155 6b9644e4 79151->79155 79152->79142 79156 6b9644ce _initterm 79152->79156 79153->79142 79157 6b964575 DecodePointer 79154->79157 79158 6b9645f8 79154->79158 79155->79142 79160 6b9644ec InterlockedExchange 79155->79160 79156->79155 79161 6b964588 79157->79161 79158->79142 79159 6b964604 InterlockedExchange 79158->79159 79159->79142 79160->79142 79162 6b9645de free _encoded_null 79161->79162 79163 6b964595 _encoded_null 79161->79163 79162->79158 79163->79161 79164 6b96459f DecodePointer _encoded_null 79163->79164 79165 6b9645b1 DecodePointer DecodePointer 79164->79165 79165->79161 79166 6b926f48 79167 6b926f54 __EH_prolog3_catch 79166->79167 79168 6b954450 4 API calls 79167->79168 79169 6b926f62 79168->79169 79170 6b927329 _CxxThrowException 79169->79170 79172 6b926feb moneypunct 79169->79172 79171 6b927348 79170->79171 79173 28c59 79214 2db40 79173->79214 79175 28c65 GetStartupInfoW 79176 28c79 HeapSetInformation 79175->79176 79179 28c84 79175->79179 79176->79179 79178 28cd2 79180 28cd6 79178->79180 79181 28cdd 79178->79181 79215 2f6fb HeapCreate 79179->79215 79216 28c30 66 API calls 3 library calls 79180->79216 79217 2d6c1 84 API calls 4 library calls 79181->79217 79184 28ce3 79185 28cee __RTC_Initialize 79184->79185 79218 28c30 66 API calls 3 library calls 79184->79218 79219 2f4b6 73 API calls __calloc_crt 79185->79219 79188 28cfc 79189 28d08 GetCommandLineA 79188->79189 79220 28a54 66 API calls 3 library calls 79188->79220 
79221 2f41f 71 API calls 2 library calls 79189->79221 79193 28d18 79222 2f364 95 API calls 3 library calls 79193->79222 79195 28d22 79196 28d2d 79195->79196 79223 28a54 66 API calls 3 library calls 79195->79223 79224 2f0ee 94 API calls 7 library calls 79196->79224 79199 28d33 79200 28d3e 79199->79200 79225 28a54 66 API calls 3 library calls 79199->79225 79226 28833 77 API calls 4 library calls 79200->79226 79203 28d46 79204 28d51 79203->79204 79227 28a54 66 API calls 3 library calls 79203->79227 79228 2f08f 94 API calls 2 library calls 79204->79228 79207 28d57 79229 21000 262 API calls __wgetenv 79207->79229 79209 28d73 79210 28d81 79209->79210 79230 28a0a 66 API calls _doexit 79209->79230 79231 28a36 66 API calls _doexit 79210->79231 79213 28d86 _fgets 79214->79175 79215->79178 79216->79181 79217->79184 79218->79185 79219->79188 79221->79193 79222->79195 79224->79199 79226->79203 79228->79207 79229->79209 79230->79210 79231->79213 79232 6b93b2cd RegOpenKeyExW 79233 6b93b344 79232->79233 79234 6b93b2f9 RegQueryValueExW 79232->79234 79235 6b93b33b RegCloseKey 79234->79235 79236 6b93b31e 79234->79236 79235->79233 79236->79235

                                Control-flow Graph

                                APIs
                                  • Part of subcall function 00023971: _vwprintf.LIBCMT ref: 00023983
                                  • Part of subcall function 00024CDB: _strlen.LIBCMT ref: 00024D21
                                  • Part of subcall function 00024CDB: _strlen.LIBCMT ref: 00024D2F
                                  • Part of subcall function 00024CDB: _strlen.LIBCMT ref: 00024D3A
                                • LoadLibraryA.KERNEL32(?), ref: 00024DE1
                                • GetProcAddress.KERNEL32(00000000,JNI_CreateJavaVM), ref: 00024E05
                                • GetProcAddress.KERNEL32(00000000,JNI_GetDefaultJavaVMInitArgs), ref: 00024E12
                                  • Part of subcall function 00023BA3: _vwprintf.LIBCMT ref: 00023BB8
                                  • Part of subcall function 00023BA3: _vswprintf_s.LIBCMT ref: 00023BD3
                                  • Part of subcall function 00023BA3: MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00023BE9
                                Strings
                                • Error: loading: %s, xrefs: 00024DF0
                                • JVM path is %s, xrefs: 00024DCD
                                • JNI_GetDefaultJavaVMInitArgs, xrefs: 00024E0A
                                • Error: can't find JNI interfaces in: %s, xrefs: 00024E29
                                • JNI_CreateJavaVM, xrefs: 00024DFF
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _strlen$AddressProc_vwprintf$LibraryLoadMessage_vswprintf_s
                                • String ID: Error: can't find JNI interfaces in: %s$Error: loading: %s$JNI_CreateJavaVM$JNI_GetDefaultJavaVMInitArgs$JVM path is %s
                                • API String ID: 888266038-3810690643
                                • Opcode ID: f11e59d976f83ee683d8ca88ca607ee25261099c156ffdba2bcb0ff86111405e
                                • Instruction ID: c0e7c91b1c10c5756b8f29f31b2559f37d811c21a5a073f08faadb975a6413ec
                                • Opcode Fuzzy Hash: f11e59d976f83ee683d8ca88ca607ee25261099c156ffdba2bcb0ff86111405e
                                • Instruction Fuzzy Hash: E3F02276108325FBEF126FA5BC02AEABBDCEF14760F114027FA485A052DAB5C9408B50

                                Control-flow Graph

                                APIs
                                • __EH_prolog3_catch.LIBCMT ref: 6B926F4F
                                  • Part of subcall function 6B95F49D: _JNU_GetEnv@8.JAVA(6C975A58,00010002,6B95A2EA,00000004,6B8C7083,?,00000020,?,00000020,?), ref: 6B95F4AC
                                  • Part of subcall function 6B954450: GetCurrentThreadId.KERNEL32 ref: 6B95448B
                                  • Part of subcall function 6B954450: _CxxThrowException.MSVCR100(?,6B989788), ref: 6B9544A7
                                  • Part of subcall function 6B954450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B989788), ref: 6B9544B6
                                  • Part of subcall function 6B954450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9544BD
                                • _CxxThrowException.MSVCR100(?,6B989388), ref: 6B92733E
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                • Associated: 00000005.00000002.2267495654.000000006B8B0000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267685099.000000006B9A4000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267741690.000000006B9A6000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267784368.000000006B9A7000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267838865.000000006B9A8000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267863426.000000006B9A9000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AA000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AD000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267959620.000000006B9D0000.00000002.00000001.01000000.00000017.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: ExceptionThrow$CreateCurrentEnv@8EventH_prolog3_catchObjectSingleThreadWait
                                • String ID: ()Ljava/awt/Font;$()Ljava/awt/Point;$()Ljava/awt/Toolkit;$()V$()Z$()[I$Ljava/awt/Color;$Ljava/awt/Container;$Ljava/awt/Cursor;$Ljava/awt/GraphicsConfiguration;$Ljava/awt/peer/ComponentPeer;$Lsun/awt/AppContext;$Lsun/awt/Win32GraphicsConfig;$appContext$background$cursor$disposeLater$enabled$focusable$foreground$getButtonDownMasks$getFont_NoClientCode$getLocationOnScreen_NoTreeLock$getToolkitImpl$graphicsConfig$height$hwnd$isEnabledImpl$java/awt/event/InputEvent$parent$peer$replaceSurfaceData$replaceSurfaceDataLater$sun/awt/windows/WComponentPeer$visible$width$winGraphicsConfig
                                • API String ID: 2813242525-2195416285
                                • Opcode ID: 4534441d025801a761fe5e1a7215c5e4369e7e3201e5b05cff915abe19e6c55d
                                • Instruction ID: 7af06e391b8e4910781913f404b370bf8ac27de6e3b98744de3eab73d5ff310d
                                • Opcode Fuzzy Hash: 4534441d025801a761fe5e1a7215c5e4369e7e3201e5b05cff915abe19e6c55d
                                • Instruction Fuzzy Hash: E5B14B35645642BBEB219F65DC48FAE3BF8AF8A344B5144B9FC44EB251DB38C940CB60

                                Control-flow Graph

                                APIs
                                  • Part of subcall function 00023AD9: QueryPerformanceFrequency.KERNEL32(00045498,?,?,?,0002172C,00000000,checkAndLoadMain,(ZILjava/lang/String;)Ljava/lang/Class;), ref: 00023AEC
                                • _fgets.LIBCMT ref: 00023015
                                • _memmove.LIBCMT ref: 00023093
                                • _strlen.LIBCMT ref: 000230BA
                                • _strcspn.LIBCMT ref: 000230D0
                                • _strspn.LIBCMT ref: 000230EC
                                  • Part of subcall function 00023BA3: _vwprintf.LIBCMT ref: 00023BB8
                                  • Part of subcall function 00023BA3: _vswprintf_s.LIBCMT ref: 00023BD3
                                  • Part of subcall function 00023BA3: MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00023BE9
                                  • Part of subcall function 000239B8: _strlen.LIBCMT ref: 000239BC
                                  • Part of subcall function 000239B8: _strncmp.LIBCMT ref: 000239CA
                                • _strcspn.LIBCMT ref: 0002313F
                                • _strspn.LIBCMT ref: 00023154
                                • _strcspn.LIBCMT ref: 0002316C
                                • _fgets.LIBCMT ref: 000232D4
                                Strings
                                • Warning: Missing server class VM on line %d of `%s', xrefs: 00023202
                                • name: %s vmType: %s server_class: %s, xrefs: 00023290
                                • VM_IF_SERVER_CLASS, xrefs: 00023284
                                • jvm.cfg[%d] = ->%s<-, xrefs: 00023242
                                • name: %s vmType: %s alias: %s, xrefs: 000232B2
                                • Error: could not open `%s', xrefs: 00022FF0
                                • ERROR, xrefs: 000231AC
                                • KNOWN, xrefs: 00023112
                                • Warning: Unknown VM type on line %d of `%s', xrefs: 0002322C
                                • VM_ALIASED_TO, xrefs: 000232A6
                                • IF_SERVER_CLASS, xrefs: 000231C1
                                • ALIASED_TO, xrefs: 00023127
                                • IGNORE, xrefs: 00023197
                                • Warning: Missing VM type on line %d of `%s', xrefs: 00023100
                                • Warning: No leading - on line %d of `%s', xrefs: 00023045
                                • WARN, xrefs: 0002317F
                                • %ld micro seconds to parse jvm.cfg, xrefs: 00023313
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _strcspn$_fgets_strlen_strspn$FrequencyMessagePerformanceQuery_memmove_strncmp_vswprintf_s_vwprintf
                                • String ID: name: %s vmType: %s alias: %s$ name: %s vmType: %s server_class: %s$%ld micro seconds to parse jvm.cfg$ALIASED_TO$ERROR$Error: could not open `%s'$IF_SERVER_CLASS$IGNORE$KNOWN$VM_ALIASED_TO$VM_IF_SERVER_CLASS$WARN$Warning: Missing VM type on line %d of `%s'$Warning: Missing server class VM on line %d of `%s'$Warning: No leading - on line %d of `%s'$Warning: Unknown VM type on line %d of `%s'$jvm.cfg[%d] = ->%s<-
                                • API String ID: 297572648-2085308502
                                • Opcode ID: f7b574da07abf6186fd0f5ebb922b6c47facb9819d0ca28a53b5d1a83d301051
                                • Instruction ID: 91375864cc25106a642227025d725f034927c2412ad1f676100661b628568c6f
                                • Opcode Fuzzy Hash: f7b574da07abf6186fd0f5ebb922b6c47facb9819d0ca28a53b5d1a83d301051
                                • Instruction Fuzzy Hash: 1CA13D72C04325AFEB259FA4BC06BDD7BE8EF06314F20001AF6046B193EB795A55CB15

                                Control-flow Graph

                                APIs
                                  • Part of subcall function 00023A4E: GetModuleFileNameA.KERNEL32(00000000,?,?,?,000247E5,?,?,?,00000104), ref: 00023A5A
                                  • Part of subcall function 00023A4E: _strrchr.LIBCMT ref: 00023A63
                                  • Part of subcall function 00023A4E: _strrchr.LIBCMT ref: 00023A6E
                                • RegOpenKeyExA.ADVAPI32(80000002,Software\JavaSoft\Java Runtime Environment,00000000,00020019,?,_JAVA_SPLASH_FILE,?,00000104), ref: 000248B8
                                  • Part of subcall function 00023B5D: _vswprintf_s.LIBCMT ref: 00023B7D
                                • __stat64i32.LIBCMT ref: 00024812
                                • _strlen.LIBCMT ref: 00024832
                                • RegCloseKey.ADVAPI32(?), ref: 00024920
                                • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 0002496E
                                • RegCloseKey.ADVAPI32(?), ref: 000249C6
                                • RegCloseKey.ADVAPI32(?), ref: 00024A28
                                • RegCloseKey.ADVAPI32(?), ref: 00024A2D
                                  • Part of subcall function 00023A87: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,00000104,Software\JavaSoft\Java Runtime Environment,?,?,?,00024909,?,CurrentVersion,?,00000104), ref: 00023AA5
                                  • Part of subcall function 00023A87: RegQueryValueExA.ADVAPI32(00000001,?,00000000,00000000,?,00000104,?,?,?,00024909,?,CurrentVersion), ref: 00023ACA
                                • RegCloseKey.ADVAPI32(?), ref: 000249CB
                                  • Part of subcall function 00023971: _vwprintf.LIBCMT ref: 00023983
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: Close$OpenQueryValue_strrchr$FileModuleName__stat64i32_strlen_vswprintf_s_vwprintf
                                • String ID: %s\bin\java.dll$%s\jre\bin\java.dll$CurrentVersion$Error: Failed reading value of registry key:%s\CurrentVersion$Error: Registry key '%s'\CurrentVersion'has value '%s', but '%s' is required.$Error: could not find java.dll$Error: opening registry key '%s'$Failed reading value of registry key:%s\%s\JavaHome$Insufficient space to store JRE path$JRE path is %s$JavaHome$MicroVersion$Software\JavaSoft\Java Runtime Environment$Version major.minor.micro = %s.%s$Warning: Can't read MicroVersion$\jre$_JAVA_SPLASH_FILE
                                • API String ID: 3601377668-3297123116
                                • Opcode ID: fece7673f0d11a24d0a9fbc29845bf10b8be8ffd08942e584bc2e5ff3e3a27f9
                                • Instruction ID: 43574491a2f66e3778f24e07bdaa47f1d179d15abde43e32dce09a96d523d8a6
                                • Opcode Fuzzy Hash: fece7673f0d11a24d0a9fbc29845bf10b8be8ffd08942e584bc2e5ff3e3a27f9
                                • Instruction Fuzzy Hash: D351B772845168ABEF31BFA4BC46EEE7BACDF15310F100057FA19A6083EF759614CA61

                                Control-flow Graph

                                APIs
                                  • Part of subcall function 000247B7: __stat64i32.LIBCMT ref: 00024812
                                • _strlen.LIBCMT ref: 00024D21
                                • _strlen.LIBCMT ref: 00024D2F
                                • _strlen.LIBCMT ref: 00024D3A
                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,\bin\verify.dll), ref: 00024D89
                                  • Part of subcall function 00023BA3: _vwprintf.LIBCMT ref: 00023BB8
                                  • Part of subcall function 00023BA3: _vswprintf_s.LIBCMT ref: 00023BD3
                                  • Part of subcall function 00023BA3: MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00023BE9
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _strlen$LibraryLoadMessage__stat64i32_vswprintf_s_vwprintf
                                • String ID: CRT path is %s$Error: Path length exceeds maximum length (PATH_MAX)$Error: loading: %s$\bin\$\bin\msvcr100.dll$\bin\verify.dll$msvcr100.dll
                                • API String ID: 3923379734-855819635
                                • Opcode ID: f4cf1188ad3c89cea0c1ba8734eadc06e0e5cbe12166758f04cf4291b5dbb500
                                • Instruction ID: 530a5a04fe08365822ae53a94b245548c980ed00611af9364e8d393e0d9e96ae
                                • Opcode Fuzzy Hash: f4cf1188ad3c89cea0c1ba8734eadc06e0e5cbe12166758f04cf4291b5dbb500
                                • Instruction Fuzzy Hash: D011B7725402389BDB11ABA4FC86FED73ECAF41318F50041AF541DB082EF74A5488760

                                Control-flow Graph

                                APIs
                                • __wgetenv.LIBCMT ref: 00024FC9
                                • __wgetenv.LIBCMT ref: 00024FF1
                                • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?), ref: 0002505B
                                • GetExitCodeThread.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 00025066
                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?), ref: 0002506D
                                  • Part of subcall function 0002AF5A: ___set_flsgetvalue.LIBCMT ref: 0002AF7F
                                  • Part of subcall function 0002AF5A: __calloc_crt.LIBCMT ref: 0002AF8B
                                  • Part of subcall function 0002AF5A: __getptd.LIBCMT ref: 0002AF98
                                  • Part of subcall function 0002AF5A: __initptd.LIBCMT ref: 0002AFA1
                                  • Part of subcall function 0002AF5A: CreateThread.KERNEL32(?,?,0002AEF5,00000000,?,?), ref: 0002AFCF
                                  • Part of subcall function 0002AF5A: GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 0002AFD9
                                  • Part of subcall function 0002AF5A: _free.LIBCMT ref: 0002AFE2
                                  • Part of subcall function 0002AF5A: __dosmaperr.LIBCMT ref: 0002AFED
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: Thread__wgetenv$CloseCodeCreateErrorExitHandleLastObjectSingleWait___set_flsgetvalue__calloc_crt__dosmaperr__getptd__initptd_free
                                • String ID: J2D_D3D$J2D_D3D_PRELOAD$false$preloadD3D$true
                                • API String ID: 2452802370-3397395437
                                • Opcode ID: f617527dc0f3dea030143ea288d2df117d49b05bbbccc2046e20e5730626910e
                                • Instruction ID: acf0970f315029a69ea01abb4a01507d1f1e5ffd741c527781aba44e7cb6236c
                                • Opcode Fuzzy Hash: f617527dc0f3dea030143ea288d2df117d49b05bbbccc2046e20e5730626910e
                                • Instruction Fuzzy Hash: 1831E7B5900624BFDB22AFA4BD85EDE7BA8FB85311B100116F604B6152E7394950CB95

                                Control-flow Graph

                                APIs
                                • _memset.LIBCMT ref: 0002142C
                                  • Part of subcall function 00028A72: __stbuf.LIBCMT ref: 00028AC0
                                  • Part of subcall function 00028A72: __ftbuf.LIBCMT ref: 00028AE9
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __ftbuf__stbuf_memset
                                • String ID: option[%2d] = '%s'$JNI_FALSE$JNI_TRUE$JavaVM args: $ignoreUnrecognized is %s, $nOptions is %ld$version 0x%08lx,
                                • API String ID: 2530426458-3298565182
                                • Opcode ID: 1901b2a219712e29ad2489bfd63d5dac4a350cfee76984a748c4870a9000e199
                                • Instruction ID: 636ff243626c833a7bbaedeb050dcc23fd4add4b9cc4c29459745a08562a1643
                                • Opcode Fuzzy Hash: 1901b2a219712e29ad2489bfd63d5dac4a350cfee76984a748c4870a9000e199
                                • Instruction Fuzzy Hash: F8110675D01234BBEF11EBE4AC02EEDBBA8EF05315F008055F905BB153DA758A408B92

                                Control-flow Graph

                                APIs
                                • ___set_flsgetvalue.LIBCMT ref: 0002AF7F
                                • __calloc_crt.LIBCMT ref: 0002AF8B
                                • __getptd.LIBCMT ref: 0002AF98
                                • __initptd.LIBCMT ref: 0002AFA1
                                • CreateThread.KERNEL32(?,?,0002AEF5,00000000,?,?), ref: 0002AFCF
                                • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 0002AFD9
                                • _free.LIBCMT ref: 0002AFE2
                                • __dosmaperr.LIBCMT ref: 0002AFED
                                  • Part of subcall function 0002AB01: __getptd_noexit.LIBCMT ref: 0002AB01
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit__initptd_free
                                • String ID:
                                • API String ID: 73303432-0
                                • Opcode ID: f33153ad0a3d3a1d4337ea9efbdb96ba37ebf0c727d85145b04d2b8a1ca62162
                                • Instruction ID: 24a7dbf7258546157a62dd4ed496eb74230648685c170f6ff7c74b80329db1e5
                                • Opcode Fuzzy Hash: f33153ad0a3d3a1d4337ea9efbdb96ba37ebf0c727d85145b04d2b8a1ca62162
                                • Instruction Fuzzy Hash: 34110272204366AFEB61AFE4FC419DB37E9EF06360B00002AF914C6492DF74DC018762

                                Control-flow Graph

                                APIs
                                  • Part of subcall function 0002443D: _memset.LIBCMT ref: 0002444A
                                  • Part of subcall function 0002443D: InitCommonControlsEx.COMCTL32(?), ref: 0002445D
                                  • Part of subcall function 00028A72: __stbuf.LIBCMT ref: 00028AC0
                                  • Part of subcall function 00028A72: __ftbuf.LIBCMT ref: 00028AE9
                                • __wgetenv.LIBCMT ref: 000235AC
                                  • Part of subcall function 000213BF: _strlen.LIBCMT ref: 000213D1
                                  • Part of subcall function 000213BF: _strlen.LIBCMT ref: 000213DA
                                  • Part of subcall function 000213BF: _strlen.LIBCMT ref: 000213E7
                                  • Part of subcall function 000213BF: _sprintf.LIBCMT ref: 000213FE
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _strlen$CommonControlsInit__ftbuf__stbuf__wgetenv_memset_sprintf
                                • String ID: %ld micro seconds to LoadJavaVM$-Dsun.java.launcher.diag=true$CLASSPATH$Command line args:$argv[%d] = %s
                                • API String ID: 2460755827-597257649
                                • Opcode ID: 4e951fbfed77aead93e55f91b5bc1d20e93dd1cb237c6f3d939e8b0f629f20a0
                                • Instruction ID: 96c141bc705146c4ecbe7ca574feacfb6a56a14a43ce219e0abe0f45b76ab946
                                • Opcode Fuzzy Hash: 4e951fbfed77aead93e55f91b5bc1d20e93dd1cb237c6f3d939e8b0f629f20a0
                                • Instruction Fuzzy Hash: C2713FB2900268AFDF21EFE4ED85EDD77B9BB09304F10411AE909AB112EB359A45CF51

                                Control-flow Graph

                                APIs
                                • ___set_flsgetvalue.LIBCMT ref: 0002AEFB
                                  • Part of subcall function 0002D34F: TlsGetValue.KERNEL32(?,0002AF00), ref: 0002D358
                                  • Part of subcall function 0002D34F: DecodePointer.KERNEL32(?,0002AF00), ref: 0002D36A
                                  • Part of subcall function 0002D34F: TlsSetValue.KERNEL32(00000000,?,0002AF00), ref: 0002D379
                                • ___fls_getvalue@4.LIBCMT ref: 0002AF06
                                  • Part of subcall function 0002D32F: TlsGetValue.KERNEL32(?,?,0002AF0B,00000000), ref: 0002D33D
                                • ___fls_setvalue@8.LIBCMT ref: 0002AF19
                                  • Part of subcall function 0002D383: DecodePointer.KERNEL32(?,?,?,0002AF1E,00000000,?,00000000), ref: 0002D394
                                • GetLastError.KERNEL32(00000000,?,00000000), ref: 0002AF22
                                • ExitThread.KERNEL32 ref: 0002AF29
                                • GetCurrentThreadId.KERNEL32 ref: 0002AF2F
                                • __freefls@4.LIBCMT ref: 0002AF4F
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                • String ID:
                                • API String ID: 2383549826-0
                                • Opcode ID: 3596894f8474d5d9b675ad947b46dac075495c4b070b4a1126c309267f5a67f3
                                • Instruction ID: 687a97cada28ad23bd9654f960987f39e0923473572f5df950db15ddc1489c3f
                                • Opcode Fuzzy Hash: 3596894f8474d5d9b675ad947b46dac075495c4b070b4a1126c309267f5a67f3
                                • Instruction Fuzzy Hash: 6AF036B45006A0EFD748FFA1E949C8E7BADAF853443158456F808D7213DB3DDD4687A2

                                Control-flow Graph

                                APIs
                                • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows,00000000,00000001,00000000), ref: 6B93B2EF
                                • RegQueryValueExW.KERNEL32(00000000,GDIProcessHandleQuota,00000000,00000000,?,?), ref: 6B93B314
                                • RegCloseKey.ADVAPI32(00000000), ref: 6B93B33E
                                Strings
                                • GDIProcessHandleQuota, xrefs: 6B93B305
                                • SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6B93B2E0
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                • Associated: 00000005.00000002.2267495654.000000006B8B0000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267685099.000000006B9A4000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267741690.000000006B9A6000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267784368.000000006B9A7000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267838865.000000006B9A8000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267863426.000000006B9A9000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AA000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AD000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267959620.000000006B9D0000.00000002.00000001.01000000.00000017.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: CloseOpenQueryValue
                                • String ID: GDIProcessHandleQuota$SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
                                • API String ID: 3677997916-3108655066
                                • Opcode ID: f9feadfcffcbb31b9788e67ea2b2a904ae377a55c71a2512f6823985a33c9606
                                • Instruction ID: 6afa4bdf85e37975f878f30b0eb37f2728e03ce9165d0e617f5d0322d6a9d429
                                • Opcode Fuzzy Hash: f9feadfcffcbb31b9788e67ea2b2a904ae377a55c71a2512f6823985a33c9606
                                • Instruction Fuzzy Hash: FE013C75E08218FBEF209BA4CC0AB9E7BB9EB45744F2040A4FA02E6181F774DA04D724

                                Control-flow Graph

                                APIs
                                • GetModuleHandleA.KERNEL32(jvm.dll,?,00021502,?,sun/launcher/LauncherHelper,00021530,?,?), ref: 000243FE
                                • GetProcAddress.KERNEL32(00000000,JVM_FindClassFromBootLoader), ref: 00024413
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: AddressHandleModuleProc
                                • String ID: Error: loading: %s$JVM_FindClassFromBootLoader$jvm.dll
                                • API String ID: 1646373207-1240634009
                                • Opcode ID: caf8a8110edcaa2ab62dc78f17dc7f81923d01a8e13c6ef69cb644bf990bfe71
                                • Instruction ID: eb1f8cc9e4943907558e3dbee597c2b005733f9e554158cf92ce68474c39f5f3
                                • Opcode Fuzzy Hash: caf8a8110edcaa2ab62dc78f17dc7f81923d01a8e13c6ef69cb644bf990bfe71
                                • Instruction Fuzzy Hash: 7DE0D831209271EF7B567BB5BC04E8B3FDCAF917667108016F509E2010E738DD004A61
                                APIs
                                • _strlen.LIBCMT ref: 00021523
                                  • Part of subcall function 00023BA3: _vwprintf.LIBCMT ref: 00023BB8
                                  • Part of subcall function 00023BA3: _vswprintf_s.LIBCMT ref: 00023BD3
                                  • Part of subcall function 00023BA3: MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00023BE9
                                Strings
                                • makePlatformString, xrefs: 00021592
                                • (Z[B)Ljava/lang/String;, xrefs: 0002158D
                                • Error: A JNI error has occurred, please check your installation and try again, xrefs: 00021539, 000215AA
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: Message_strlen_vswprintf_s_vwprintf
                                • String ID: (Z[B)Ljava/lang/String;$Error: A JNI error has occurred, please check your installation and try again$makePlatformString
                                • API String ID: 1165818999-1765258479
                                • Opcode ID: 60f1b91031a10a71f3800c1f58f0047c392c05e8a1e1580c685d7d9c78a97121
                                • Instruction ID: d626e181ce16f63ca545a85663b33efcc27048620cb56119aa987f91b25c4b44
                                • Opcode Fuzzy Hash: 60f1b91031a10a71f3800c1f58f0047c392c05e8a1e1580c685d7d9c78a97121
                                • Instruction Fuzzy Hash: E221C835204A21EFD7619FA5EC48EDE37FCEF95709F1000A9F942DA252D774CA408B54
                                APIs
                                • __stat64i32.LIBCMT ref: 0002479E
                                  • Part of subcall function 00023B5D: _vswprintf_s.LIBCMT ref: 00023B7D
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __stat64i32_vswprintf_s
                                • String ID: %s\bin\%s\jvm.dll$%s\jvm.dll
                                • API String ID: 2146080085-3784575571
                                • Opcode ID: 2cd3c138f08f8cd1ea104efaef8da7059799b0b7318f2edbae99d20aba2377f6
                                • Instruction ID: 918e2f69249ea746d054740767160c14e7ce0e720f60b0f313801a0f8360bb64
                                • Opcode Fuzzy Hash: 2cd3c138f08f8cd1ea104efaef8da7059799b0b7318f2edbae99d20aba2377f6
                                • Instruction Fuzzy Hash: 43F0F6716052297ABA01BA64BC43DFF3BECCF07750F50001AF506990C3EF34DA025166
                                APIs
                                  • Part of subcall function 0002AB01: __getptd_noexit.LIBCMT ref: 0002AB01
                                • __lock_file.LIBCMT ref: 00029CA0
                                  • Part of subcall function 00029B0E: __lock.LIBCMT ref: 00029B33
                                • __fclose_nolock.LIBCMT ref: 00029CAB
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                • String ID:
                                • API String ID: 2800547568-0
                                • Opcode ID: e176d8988c2fa02609d224f5f2e28411cdb4a0c615ceea8dcdb4191e07408348
                                • Instruction ID: 839c84e9695c2e0c0c385c25520933c46b55c8a1ac8bab7399761870f903856e
                                • Opcode Fuzzy Hash: e176d8988c2fa02609d224f5f2e28411cdb4a0c615ceea8dcdb4191e07408348
                                • Instruction Fuzzy Hash: DAF0B470901735DAEB22AB75F802BEE7BE06F01335F318305E425AE0D3CB789A019B55
                                APIs
                                • __getptd.LIBCMT ref: 0002AEC0
                                  • Part of subcall function 0002D50A: __getptd_noexit.LIBCMT ref: 0002D50D
                                  • Part of subcall function 0002D50A: __amsg_exit.LIBCMT ref: 0002D51A
                                  • Part of subcall function 0002AE95: __getptd_noexit.LIBCMT ref: 0002AE9A
                                  • Part of subcall function 0002AE95: __freeptd.LIBCMT ref: 0002AEA4
                                  • Part of subcall function 0002AE95: ExitThread.KERNEL32 ref: 0002AEAD
                                • __XcptFilter.LIBCMT ref: 0002AEE1
                                  • Part of subcall function 0002EF45: __getptd_noexit.LIBCMT ref: 0002EF4B
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __getptd_noexit$ExitFilterThreadXcpt__amsg_exit__freeptd__getptd
                                • String ID:
                                • API String ID: 418257734-0
                                • Opcode ID: e786191d4bfe25f6747c8cebd7148e738f6fb592110185bf62dccad3d24d43a8
                                • Instruction ID: af554f4cc0c093b6ca56cd232a80ef53bd57843b7b911a62cfd1c3f00f33c931
                                • Opcode Fuzzy Hash: e786191d4bfe25f6747c8cebd7148e738f6fb592110185bf62dccad3d24d43a8
                                • Instruction Fuzzy Hash: 0BE0ECB1A446109FEB19FBA0E916EAE7775AF45301F210099F1015B2A3CE759D419A21
                                APIs
                                • __lock.LIBCMT ref: 00038893
                                  • Part of subcall function 0002CEAC: __mtinitlocknum.LIBCMT ref: 0002CEC2
                                  • Part of subcall function 0002CEAC: __amsg_exit.LIBCMT ref: 0002CECE
                                  • Part of subcall function 0002CEAC: EnterCriticalSection.KERNEL32(?,?,?,0002D5B5,0000000D,00042790,00000008,0002AF54,?,00000000), ref: 0002CED6
                                • __tzset_nolock.LIBCMT ref: 000388A4
                                  • Part of subcall function 0003819A: __lock.LIBCMT ref: 000381BC
                                  • Part of subcall function 0003819A: ____lc_codepage_func.LIBCMT ref: 00038203
                                  • Part of subcall function 0003819A: __getenv_helper_nolock.LIBCMT ref: 00038225
                                  • Part of subcall function 0003819A: _free.LIBCMT ref: 0003825C
                                  • Part of subcall function 0003819A: _strlen.LIBCMT ref: 00038263
                                  • Part of subcall function 0003819A: __malloc_crt.LIBCMT ref: 0003826A
                                  • Part of subcall function 0003819A: _strlen.LIBCMT ref: 00038280
                                  • Part of subcall function 0003819A: _strcpy_s.LIBCMT ref: 0003828E
                                  • Part of subcall function 0003819A: __invoke_watson.LIBCMT ref: 000382A3
                                  • Part of subcall function 0003819A: _free.LIBCMT ref: 000382B2
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __lock_free_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__invoke_watson__malloc_crt__mtinitlocknum__tzset_nolock_strcpy_s
                                • String ID:
                                • API String ID: 1828324828-0
                                • Opcode ID: 7aa8b24920079b7953b33731d9917b1b73dd313be1758134480a33e393104460
                                • Instruction ID: 9bc50c072e80fd6b3172d61cc796b12ee461f83ad505f07bc9591347376a9793
                                • Opcode Fuzzy Hash: 7aa8b24920079b7953b33731d9917b1b73dd313be1758134480a33e393104460
                                • Instruction Fuzzy Hash: FBE0C2744817B0E7E767BFA06A1259CB3A46B46B23FA1819AF511160D3CF390A05C796
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _memset
                                • String ID:
                                • API String ID: 2102423945-0
                                • Opcode ID: 788b53cbcde18e15b00b1868fd466babfb65cd6495f2befcf16f9c286e6594b3
                                • Instruction ID: 1a82f3417d38297c3e93d0e588a6b25e08ba4fbe44b0ce5ff337e2e54223f02a
                                • Opcode Fuzzy Hash: 788b53cbcde18e15b00b1868fd466babfb65cd6495f2befcf16f9c286e6594b3
                                • Instruction Fuzzy Hash: E411C2B1A00319AFCB40DF98D941ADEB7F8BB08304F004426F918EB201E774EA158BA1
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __waccess_s
                                • String ID:
                                • API String ID: 4272103461-0
                                • Opcode ID: ef7a6628b8ba34dfa5084db135283d76d392227949a9b5e0c08c397448921cd0
                                • Instruction ID: cf9177a7784404d9bd08ba1de6c37cd835bfa21aac0584c66d42615f64bbdc23
                                • Opcode Fuzzy Hash: ef7a6628b8ba34dfa5084db135283d76d392227949a9b5e0c08c397448921cd0
                                • Instruction Fuzzy Hash: FBC09B3315411D7F9F055DF5FC01C553F59D7817707104115F91DC9891DD32D5515541
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __fsopen
                                • String ID:
                                • API String ID: 3646066109-0
                                • Opcode ID: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                • Instruction ID: c9eb10352a1be808aa30796c781a7d8afcf3ed1429eb589236bd4c0041bbd191
                                • Opcode Fuzzy Hash: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                • Instruction Fuzzy Hash: 99C0927284420C77DF112A82EC02E8A3F1A9BC0760F058020FB1C1D162AA73EA619689
                                APIs
                                  • Part of subcall function 00023904: _malloc.LIBCMT ref: 00023908
                                  • Part of subcall function 00023904: _perror.LIBCMT ref: 00023917
                                • FindFirstFileA.KERNEL32(?,00000008,00000000,00000000,?), ref: 0002524E
                                • FindNextFileA.KERNEL32(00000000,000454C0), ref: 00025289
                                • _strlen.LIBCMT ref: 000252A4
                                • _strlen.LIBCMT ref: 000252F2
                                • _strlen.LIBCMT ref: 000252FA
                                • _memmove.LIBCMT ref: 00025315
                                • _memmove.LIBCMT ref: 00025328
                                • FindClose.KERNEL32(00000000), ref: 0002534E
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: Find_strlen$File_memmove$CloseFirstNext_malloc_perror
                                • String ID: JAR$jar
                                • API String ID: 3211738383-1396542530
                                • Opcode ID: 2c9202c5c1f74b0047434b6897bc7eb3b629e8a55378df4a847e9b2f16b9f63b
                                • Instruction ID: 1b1d0561dcb6a10de1301d990c4d5bee6657546419fe62c817f6af0140e2b937
                                • Opcode Fuzzy Hash: 2c9202c5c1f74b0047434b6897bc7eb3b629e8a55378df4a847e9b2f16b9f63b
                                • Instruction Fuzzy Hash: 31312371600624FBDB10AF74EC86AAEBBECEF46725F204029F405EA183DB75D944CB18
                                APIs
                                • __wgetenv.LIBCMT ref: 00021013
                                • GetCommandLineA.KERNEL32 ref: 00021053
                                  • Part of subcall function 00028A72: __stbuf.LIBCMT ref: 00028AC0
                                  • Part of subcall function 00028A72: __ftbuf.LIBCMT ref: 00028AE9
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: CommandLine__ftbuf__stbuf__wgetenv
                                • String ID: 1.8$1.8.0_101-b13$Windows original main args:$_JAVA_LAUNCHER_DEBUG$wwwd_args[%d] = %s
                                • API String ID: 1994048314-67548272
                                • Opcode ID: e4f47c172649e9db2d6bc14ba2c096b21f3ecd34bf5a031e4fcc76fbc65077b6
                                • Instruction ID: a0744685dae2afb5ba7932406d83ceb644faf61c6f0c99fed1a69ba6e3c2a2d8
                                • Opcode Fuzzy Hash: e4f47c172649e9db2d6bc14ba2c096b21f3ecd34bf5a031e4fcc76fbc65077b6
                                • Instruction Fuzzy Hash: D92129B56002346FE3146FE4FCC6CAB779CE746715B51002DF640CB113EA76AD508BA0
                                APIs
                                • IsDebuggerPresent.KERNEL32 ref: 00031497
                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 000314AC
                                • UnhandledExceptionFilter.KERNEL32(00041358), ref: 000314B7
                                • GetCurrentProcess.KERNEL32(C0000409), ref: 000314D3
                                • TerminateProcess.KERNEL32(00000000), ref: 000314DA
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                • String ID:
                                • API String ID: 2579439406-0
                                • Opcode ID: 95a463916405d592adeeca70b8cb0a8d7105439e23b6dcdb119041d352ad454a
                                • Instruction ID: c368a108b49dcf9fa121e7fabce368deac5e40b1264fbfafd22f9a89b93429e0
                                • Opcode Fuzzy Hash: 95a463916405d592adeeca70b8cb0a8d7105439e23b6dcdb119041d352ad454a
                                • Instruction Fuzzy Hash: 2A21E2FC800204DFF721DF64FE886453BB4BB0B301F104059EA0997261E7BE59898F1A
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: Message_vswprintf_s_vwprintf
                                • String ID: %s full version "%s"$-Dsun.java.launcher.diag=true$-X%s$-Xdebug$-Xdiag$-Xfuture$-Xnoclassgc$-Xrunhprof:cpu=old,file=%s$-Xrunhprof:cpu=old,file=java.prof$-XshowSettings$-XshowSettings:$-Xt$-Xtm$-Xverify:all$-Xverify:none$-Xverify:remote$-checksource$-classpath$-cp$-cs$-d32$-d64$-debug$-fullversion$-help$-jar$-jre-restrict-search$-ms$-mx$-no-jre-restrict-search$-noasyncgc$-noclassgc$-noverify$-oss$-prof$-showversion$-splash:$-ss$-tm$-verbose:gc$-verbosegc$-verify$-verifyremote$-version$-version:$Error: %s requires class path specification$Error: %s requires jar file specification$Warning: %s option is no longer supported.
                                • API String ID: 1624507446-425787817
                                • Opcode ID: 77b7aeacb7a13311005ac32edd778aa71c8c10bcdbb374fb2f3766ce1704fade
                                • Instruction ID: aa03c02e50882f27b39104c4ac883c7852ab85d72892c305b66bebb5d1a02983
                                • Opcode Fuzzy Hash: 77b7aeacb7a13311005ac32edd778aa71c8c10bcdbb374fb2f3766ce1704fade
                                • Instruction Fuzzy Hash: D4B1867624C73279B6266A64BC43E9F27CC9F16375F34002AF901FD1C2EFA59981C269
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                • Associated: 00000005.00000002.2267495654.000000006B8B0000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267685099.000000006B9A4000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267741690.000000006B9A6000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267784368.000000006B9A7000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267838865.000000006B9A8000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267863426.000000006B9A9000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AA000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AD000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267959620.000000006B9D0000.00000002.00000001.01000000.00000017.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: wcsstr
                                • String ID: ANSI_CHARSET$ARABIC_CHARSET$BALTIC_CHARSET$CHINESEBIG5_CHARSET$DEFAULT_CHARSET$EASTEUROPE_CHARSET$GB2312_CHARSET$GREEK_CHARSET$HANGEUL_CHARSET$HEBREW_CHARSET$JOHAB_CHARSET$MAC_CHARSET$OEM_CHARSET$RUSSIAN_CHARSET$SHIFTJIS_CHARSET$SYMBOL_CHARSET$THAI_CHARSET$TURKISH_CHARSET$VIETNAMESE_CHARSET$WingDings
                                • API String ID: 2735924446-499274865
                                • Opcode ID: e376bbd9fe05977a15347f44168088db095774f7a0ea1910536660de8dd0d236
                                • Instruction ID: 85e0c726dee09aa9fbf3eefe81e459ec40c3aab57eda2f2b18c950a6ace0be79
                                • Opcode Fuzzy Hash: e376bbd9fe05977a15347f44168088db095774f7a0ea1910536660de8dd0d236
                                • Instruction Fuzzy Hash: A3412D2770C62724BA69217DBC51BBA479CCBC25B2B2084BFF610D55C0EF0DD48296B5
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _strlen$_strcat$__strdup__wgetenv_memset_perror
                                • String ID: -Djava.awt.headless=$-Djava.awt.headless=true$-classpath$-cp$-jar$-jre-restrict-search$-no-jre-restrict-search$-splash:$-version:$Error: Invalid or corrupt jarfile %s$Error: Syntax error in version specification "%s"$Error: Unable to access jarfile %s$Error: Unable to locate JRE meeting specification "%s"$Error: main-class: attribute exceeds system limits of %d bytesError: A fatal exception has occurred. Program will exit.$JRE-Version = %s, JRE-Restrict-Search = %s Selected = %s$_JAVA_SPLASH_FILE=$_JAVA_SPLASH_JAR=$_JAVA_VERSION_SET$_JAVA_VERSION_SET=$false$null$true
                                • API String ID: 550220418-1483392412
                                • Opcode ID: b6716f29b74bb4678f04700ea215a104be7fdd45b740e935ccd19a31b68b89fe
                                • Instruction ID: 5e9dd58dc0de3b9fc766c6386ad847155a09c19e2a90f0466c00d133974d7546
                                • Opcode Fuzzy Hash: b6716f29b74bb4678f04700ea215a104be7fdd45b740e935ccd19a31b68b89fe
                                • Instruction Fuzzy Hash: B4B1C672D09239AEEB259BE4FC45BEDB7F8AF05724F20002AE404FB152EB749941CB50
                                APIs
                                • GetModuleFileNameA.KERNEL32(00000000,?,00000105,-00000004,00000000,?), ref: 0002405B
                                • _strlen.LIBCMT ref: 0002408E
                                  • Part of subcall function 00023B5D: _vswprintf_s.LIBCMT ref: 00023B7D
                                • GetCommandLineA.KERNEL32 ref: 000240BF
                                  • Part of subcall function 0002394B: __strdup.LIBCMT ref: 0002394F
                                  • Part of subcall function 0002394B: _perror.LIBCMT ref: 0002395E
                                • _strlen.LIBCMT ref: 000240DD
                                • _strlen.LIBCMT ref: 000240E8
                                  • Part of subcall function 00023904: _malloc.LIBCMT ref: 00023908
                                  • Part of subcall function 00023904: _perror.LIBCMT ref: 00023917
                                • _strcat.LIBCMT ref: 00024121
                                  • Part of subcall function 00023C26: GetLastError.KERNEL32 ref: 00023C3C
                                  • Part of subcall function 00023C26: FormatMessageA.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 00023C54
                                  • Part of subcall function 00023C26: _vwprintf.LIBCMT ref: 00023CA6
                                  • Part of subcall function 00023C26: _strlen.LIBCMT ref: 00023CBA
                                  • Part of subcall function 00023C26: _vswprintf_s.LIBCMT ref: 00023CD3
                                  • Part of subcall function 00023C26: MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00023CF8
                                  • Part of subcall function 00023C26: LocalFree.KERNEL32(?), ref: 00023D42
                                • _strcat.LIBCMT ref: 00024134
                                • _strncmp.LIBCMT ref: 000241AC
                                • _memset.LIBCMT ref: 000242E6
                                • _memset.LIBCMT ref: 000242F5
                                • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000001,00000000,00000000,00000000,?,?), ref: 00024313
                                • WaitForSingleObject.KERNEL32(?,000000FF,00000001), ref: 00024338
                                • GetExitCodeProcess.KERNEL32(?,?), ref: 0002434A
                                • CloseHandle.KERNEL32(?), ref: 0002436D
                                • CloseHandle.KERNEL32(?), ref: 00024372
                                  • Part of subcall function 00023971: _vwprintf.LIBCMT ref: 00023983
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _strlen$CloseHandleMessageProcess_memset_perror_strcat_vswprintf_s_vwprintf$CodeCommandCreateErrorExitFileFormatFreeLastLineLocalModuleNameObjectSingleWait__strdup_malloc_strncmp
                                • String ID: %s\bin\%s.exe$-classpath$-cp$-jre-restrict-search$-no-jre-restrict-search$-version:$Error: CreateProcess(%s, ...) failed:$Error: Unable to resolve %s$Error: WaitForSingleObject() failed.$ExecJRE: new: %s$ExecJRE: old: %s$ReExec Args: %s$ReExec Command: %s (%s)
                                • API String ID: 160412451-2302492997
                                • Opcode ID: 4d6ee39d0993622d5e8ed0f7da9781bfd5b0bff20fba37770d0fed7efdbcd23d
                                • Instruction ID: 03d0c43eb21c09e22047c947c36ee34a451afa4d5fc399a2c38005a19eaf43e5
                                • Opcode Fuzzy Hash: 4d6ee39d0993622d5e8ed0f7da9781bfd5b0bff20fba37770d0fed7efdbcd23d
                                • Instruction Fuzzy Hash: BC915572D04225AAEF15ABB5BC46EEF7BBCEF09310F100416F601F6083EE699A45C765
                                APIs
                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,00028CE3), ref: 0002D6C9
                                • __mtterm.LIBCMT ref: 0002D6D5
                                  • Part of subcall function 0002D3A0: DecodePointer.KERNEL32(00000005,0002D837,?,00028CE3), ref: 0002D3B1
                                  • Part of subcall function 0002D3A0: TlsFree.KERNEL32(00000002,0002D837,?,00028CE3), ref: 0002D3CB
                                • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0002D6EB
                                • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0002D6F8
                                • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0002D705
                                • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 0002D712
                                • TlsAlloc.KERNEL32(?,00028CE3), ref: 0002D762
                                • TlsSetValue.KERNEL32(00000000,?,00028CE3), ref: 0002D77D
                                • __init_pointers.LIBCMT ref: 0002D787
                                • EncodePointer.KERNEL32(?,00028CE3), ref: 0002D798
                                • EncodePointer.KERNEL32(?,00028CE3), ref: 0002D7A5
                                • EncodePointer.KERNEL32(?,00028CE3), ref: 0002D7B2
                                • EncodePointer.KERNEL32(?,00028CE3), ref: 0002D7BF
                                • DecodePointer.KERNEL32(Function_0000D524,?,00028CE3), ref: 0002D7E0
                                • __calloc_crt.LIBCMT ref: 0002D7F5
                                • DecodePointer.KERNEL32(00000000,?,00028CE3), ref: 0002D80F
                                • __initptd.LIBCMT ref: 0002D81A
                                • GetCurrentThreadId.KERNEL32 ref: 0002D821
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: Pointer$AddressEncodeProc$Decode$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
                                • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                • API String ID: 3732613303-3819984048
                                • Opcode ID: 549a599822d06df0f74eac34bd869d33f68e5444033e951c3bc86b123099ff73
                                • Instruction ID: cd1552deb47e48a4b05872252cb44b6a612c28e2af0a59e4b2a53b1c47893299
                                • Opcode Fuzzy Hash: 549a599822d06df0f74eac34bd869d33f68e5444033e951c3bc86b123099ff73
                                • Instruction Fuzzy Hash: D53191B9844B21DBF751EF74BE09A193EE8EB46721700457BE554E22B2EB3C8800CF94
                                APIs
                                • GlobalAlloc.KERNEL32(00000040,6B94DDC0,?,00000002,00000000,00000000,6B94DDC0,00000000,?,?,00000000,?,?,?,?,6B94DDC0), ref: 6B94CBF6
                                • GlobalFree.KERNEL32(00000000), ref: 6B94CC19
                                • _control87.MSVCR100 ref: 6B94CC42
                                • _control87.MSVCR100 ref: 6B94CC5D
                                • _control87.MSVCR100 ref: 6B94CC6B
                                • GlobalAlloc.KERNEL32(00000042,?,?,?,?), ref: 6B94CC79
                                • GlobalLock.KERNEL32(00000000), ref: 6B94CC87
                                • _control87.MSVCR100 ref: 6B94CCA6
                                • _control87.MSVCR100 ref: 6B94CCB4
                                • GlobalUnlock.KERNEL32(?), ref: 6B94CCC1
                                • GlobalAlloc.KERNEL32(00000042,?,?,?,00000002,00000000,6B94DDC0,?,?,?,?,6B94DDC0,?,?,?), ref: 6B94CCD7
                                • GlobalFree.KERNEL32(00000000), ref: 6B94CCE5
                                • GlobalLock.KERNEL32(00000000), ref: 6B94CCEE
                                • GlobalFree.KERNEL32(?), ref: 6B94CD01
                                • GlobalFree.KERNEL32(00000000), ref: 6B94CD04
                                • memcpy.MSVCR100(00000000,?,?,?,?,?,6B94DDC0,?,?,?), ref: 6B94CD21
                                • GlobalUnlock.KERNEL32(?), ref: 6B94CD2C
                                • wcslen.MSVCR100 ref: 6B94CD43
                                • wcslen.MSVCR100 ref: 6B94CD4B
                                • wcslen.MSVCR100 ref: 6B94CD56
                                • GlobalAlloc.KERNEL32(00000042,?,?,?,?,?,?,?,?,?,?,6B94DDC0,?,?,?), ref: 6B94CD70
                                • GlobalLock.KERNEL32(00000000), ref: 6B94CD7A
                                • memcpy.MSVCR100(00000008,?,00000000,?,?,?,?,?,?,?,?,?,6B94DDC0,?,?,?), ref: 6B94CD94
                                • memcpy.MSVCR100(?,?,?,00000008,?,00000000,?,?,?,?,?,?,?,?,?,6B94DDC0), ref: 6B94CDB1
                                • memcpy.MSVCR100(?,?,?,?,?,?,00000008,?,00000000), ref: 6B94CDD2
                                • GlobalUnlock.KERNEL32(?), ref: 6B94CDE4
                                • GlobalFree.KERNEL32(00000000), ref: 6B94CDEB
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                • Associated: 00000005.00000002.2267495654.000000006B8B0000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267685099.000000006B9A4000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267741690.000000006B9A6000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267784368.000000006B9A7000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267838865.000000006B9A8000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267863426.000000006B9A9000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AA000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AD000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267959620.000000006B9D0000.00000002.00000001.01000000.00000017.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Global$Free_control87$Allocmemcpy$LockUnlockwcslen
                                • String ID:
                                • API String ID: 1392141960-0
                                • Opcode ID: a46c44366391cdc065bf5bea627d1fcc729bcf1d88e0e921ab60498a8745333a
                                • Instruction ID: 30464e3ed26cce4acc086e0f7b37ff1dbf11406d172b38a5e8a3e254b8a0851c
                                • Opcode Fuzzy Hash: a46c44366391cdc065bf5bea627d1fcc729bcf1d88e0e921ab60498a8745333a
                                • Instruction Fuzzy Hash: CA7169B1D04219BFEF009FB4CC859BEBBB8EB09359B10486AF914E2250E738D954DB60
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _strlen$__wgetenv_sprintf$_malloc_perror_strcat
                                • String ID: -Dapplication.home=%s$-Denv.class.path=%s$-Djava.class.path=$CLASSPATH$Error: Could not determine application home.
                                • API String ID: 29729583-1614226486
                                • Opcode ID: eb27d09ef9de04e2e6e92683b3c18046372b6f46abcfc324734674573927ec0a
                                • Instruction ID: 6fb3e4a8c9a9904cd026270def13152a16f39e6726d3a862c916204b487b4799
                                • Opcode Fuzzy Hash: eb27d09ef9de04e2e6e92683b3c18046372b6f46abcfc324734674573927ec0a
                                • Instruction Fuzzy Hash: EB4184B3940538AADB21BEB4BCC2EEE77ACAF55314F140029F504E7103EF755A858BA5
                                APIs
                                • _malloc.LIBCMT ref: 00025C49
                                  • Part of subcall function 0002A029: __FF_MSGBANNER.LIBCMT ref: 0002A042
                                  • Part of subcall function 0002A029: __NMSG_WRITE.LIBCMT ref: 0002A049
                                  • Part of subcall function 0002A029: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,0002FE09,?,00000001,?,?,0002CE37,00000018,00042708,0000000C,0002CEC7), ref: 0002A06E
                                • _free.LIBCMT ref: 00025C75
                                • __read.LIBCMT ref: 00025C87
                                • _free.LIBCMT ref: 00025C96
                                  • Part of subcall function 00028DD0: HeapFree.KERNEL32(00000000,00000000,?,0002D4FB,00000000,?,0002FE09,?,00000001,?,?,0002CE37,00000018,00042708,0000000C,0002CEC7), ref: 00028DE6
                                  • Part of subcall function 00028DD0: GetLastError.KERNEL32(00000000,?,0002D4FB,00000000,?,0002FE09,?,00000001,?,?,0002CE37,00000018,00042708,0000000C,0002CEC7,?), ref: 00028DF8
                                • _free.LIBCMT ref: 00025E69
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _free$Heap$AllocateErrorFreeLast__read_malloc
                                • String ID: _JAVA_SPLASH_FILE
                                • API String ID: 2809924035-1214838622
                                • Opcode ID: 1b7608ac0aeb938f69ed7915d4669e1db6809d1e4b1d2f2b273dc10f45fd1577
                                • Instruction ID: f22f8ce03f3299682e1831f5566dc383f6db493ade284ac8a3686722429ef697
                                • Opcode Fuzzy Hash: 1b7608ac0aeb938f69ed7915d4669e1db6809d1e4b1d2f2b273dc10f45fd1577
                                • Instruction Fuzzy Hash: A4913B709086741ADB3D4B7DACA45BEBFF49F85302B08466EF8E6D1182E53CD605DB24
                                APIs
                                • GetProcAddress.KERNEL32(?,00000000), ref: 00024F3B
                                  • Part of subcall function 000247B7: __stat64i32.LIBCMT ref: 00024812
                                • _strlen.LIBCMT ref: 00024E8D
                                • _strlen.LIBCMT ref: 00024E9A
                                • LoadLibraryA.KERNEL32(?,00000000,false,00000000), ref: 00024ECF
                                • LoadLibraryA.KERNEL32(?), ref: 00024EF0
                                • LoadLibraryA.KERNEL32(?), ref: 00024F0D
                                • GetProcAddress.KERNEL32(00000000,preloadStop), ref: 00024F1E
                                  • Part of subcall function 00023BA3: _vwprintf.LIBCMT ref: 00023BB8
                                  • Part of subcall function 00023BA3: _vswprintf_s.LIBCMT ref: 00023BD3
                                  • Part of subcall function 00023BA3: MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00023BE9
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: LibraryLoad$AddressProc_strlen$Message__stat64i32_vswprintf_s_vwprintf
                                • String ID: Error: Path length exceeds maximum length (PATH_MAX)$\bin\awt.dll$\bin\java.dll$\bin\verify.dll$false$preloadStop
                                • API String ID: 2711846210-2579839895
                                • Opcode ID: 8a55defed937fb900c702d6e2fed99cc1ec6e1b99485beed3d53919d9fcf97d7
                                • Instruction ID: ceb864f9bb0a1c4a279a459ba847d98b6ebe04c8c567a7a6b79ff75b75f6370b
                                • Opcode Fuzzy Hash: 8a55defed937fb900c702d6e2fed99cc1ec6e1b99485beed3d53919d9fcf97d7
                                • Instruction Fuzzy Hash: D13182729086198EEB65EFB5FC45BCE7BECAB45315F20002AE515E7182EB78D448CF24
                                APIs
                                  • Part of subcall function 000239B8: _strlen.LIBCMT ref: 000239BC
                                  • Part of subcall function 000239B8: _strncmp.LIBCMT ref: 000239CA
                                • _strlen.LIBCMT ref: 00021115
                                • _strlen.LIBCMT ref: 0002111D
                                • _strlen.LIBCMT ref: 0002112F
                                  • Part of subcall function 00023904: _malloc.LIBCMT ref: 00023908
                                  • Part of subcall function 00023904: _perror.LIBCMT ref: 00023917
                                • GetCurrentProcessId.KERNEL32 ref: 00021143
                                  • Part of subcall function 00023B5D: _vswprintf_s.LIBCMT ref: 00023B7D
                                  • Part of subcall function 00029007: __lock.LIBCMT ref: 00029015
                                  • Part of subcall function 00029007: __putenv_helper.LIBCMT ref: 00029024
                                • GetCurrentProcessId.KERNEL32(0000000A), ref: 00021175
                                  • Part of subcall function 00028A72: __stbuf.LIBCMT ref: 00028AC0
                                  • Part of subcall function 00028A72: __ftbuf.LIBCMT ref: 00028AE9
                                • __wgetenv.LIBCMT ref: 000211A4
                                • _free.LIBCMT ref: 000211B5
                                  • Part of subcall function 00028DD0: HeapFree.KERNEL32(00000000,00000000,?,0002D4FB,00000000,?,0002FE09,?,00000001,?,?,0002CE37,00000018,00042708,0000000C,0002CEC7), ref: 00028DE6
                                  • Part of subcall function 00028DD0: GetLastError.KERNEL32(00000000,?,0002D4FB,00000000,?,0002FE09,?,00000001,?,?,0002CE37,00000018,00042708,0000000C,0002CEC7,?), ref: 00028DF8
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _strlen$CurrentProcess$ErrorFreeHeapLast__ftbuf__lock__putenv_helper__stbuf__wgetenv_free_malloc_perror_strncmp_vswprintf_s
                                • String ID: %s%d$%s%d=%s$-XX:NativeMemoryTracking=$TRACER_MARKER: NativeMemoryTracking: env var is %s$TRACER_MARKER: NativeMemoryTracking: got value %s$TRACER_MARKER: NativeMemoryTracking: putenv arg %s
                                • API String ID: 3768438103-269954147
                                • Opcode ID: 210881ec3adc47f8dc19604dfe3f070e5a5fd08e79a2e31b14818a3c70982bd8
                                • Instruction ID: 3f10c2b59de5ab80687fd3eec081677997146a2721eaec83a48313de99a42bc1
                                • Opcode Fuzzy Hash: 210881ec3adc47f8dc19604dfe3f070e5a5fd08e79a2e31b14818a3c70982bd8
                                • Instruction Fuzzy Hash: 2B1102729002387E9A12B7717C82CEF6AAC8F43BA4B108059FA00F7143EE789A118271
                                APIs
                                • __wgetenv.LIBCMT ref: 00022324
                                  • Part of subcall function 00023904: _malloc.LIBCMT ref: 00023908
                                  • Part of subcall function 00023904: _perror.LIBCMT ref: 00023917
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __wgetenv_malloc_perror
                                • String ID: -J-XXaltjvm=$-XXaltjvm=$-classpath$-cp$Default VM: %s$ERROR$Error: %s VM not supported$Error: Corrupt jvm.cfg file; cycle in alias list.$Error: Unable to resolve VM alias %s$JDK_ALTERNATE_VM$Warning: %s VM not supported; %s VM will be used
                                • API String ID: 2682589870-2532945928
                                • Opcode ID: cf2b5c500f2c898470670fd0b47c2edc26b10356a741ce392031112566569e2b
                                • Instruction ID: acda67a5e1cc304121892aeec2c17768041487bc6c4a32d72a963777c65d4c10
                                • Opcode Fuzzy Hash: cf2b5c500f2c898470670fd0b47c2edc26b10356a741ce392031112566569e2b
                                • Instruction Fuzzy Hash: 8C710271A00A39FFDB21DFA8E881A6D77E4EB06318F108099E945EB252D771EE41CB40
                                APIs
                                • GetLastError.KERNEL32(00000000,00000000,00000000,?,?,6B9463E6,00000000,?,00000000), ref: 6B946A12
                                • wcslen.MSVCR100 ref: 6B946A23
                                • _CxxThrowException.MSVCR100(00000000,6B989388), ref: 6B946A53
                                • JNU_NewObjectByName.JAVA(?,java/lang/OutOfMemoryError,(Ljava/lang/String;)V,00000000,00000000,6B989388,?,6B9463E6,00000000,?,00000000), ref: 6B946A64
                                • FormatMessageW.KERNEL32(00001100,00000000,00000000,00000400,00000000,00000000,00000000,?,?,6B9463E6,00000000,?,00000000), ref: 6B946A82
                                • wcslen.MSVCR100 ref: 6B946A8B
                                • JNU_NewObjectByName.JAVA(?,java/lang/InternalError,(Ljava/lang/String;)V,00000000,?,6B9463E6,00000000,?,00000000), ref: 6B946AB4
                                • LocalFree.KERNEL32(00000000), ref: 6B946AC1
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                • Associated: 00000005.00000002.2267495654.000000006B8B0000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267685099.000000006B9A4000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267741690.000000006B9A6000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267784368.000000006B9A7000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267838865.000000006B9A8000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267863426.000000006B9A9000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AA000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AD000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267959620.000000006B9D0000.00000002.00000001.01000000.00000017.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: NameObjectwcslen$ErrorExceptionFormatFreeLastLocalMessageThrow
                                • String ID: (Ljava/lang/String;)V$java/lang/InternalError$java/lang/OutOfMemoryError$too many menu handles
                                • API String ID: 633141992-867821964
                                • Opcode ID: 8ae7e38c25e948cee49315b22e2307914afcc15d7dc0baef644ff7f58efe1889
                                • Instruction ID: 4eb3974e976adc8d7fd05df0ebdfbc15be5620ccf48041d23f8f0d4a9739a32b
                                • Opcode Fuzzy Hash: 8ae7e38c25e948cee49315b22e2307914afcc15d7dc0baef644ff7f58efe1889
                                • Instruction Fuzzy Hash: 1E21BDB6505104BFDB129FA4CC88CEF7B7CEF8A255B1188A9F90197201EB79DD05CB61
                                APIs
                                • __EH_prolog3_catch_GS.LIBCMT ref: 6B92CBC4
                                  • Part of subcall function 6B95F49D: _JNU_GetEnv@8.JAVA(6C975A58,00010002,6B95A2EA,00000004,6B8C7083,?,00000020,?,00000020,?), ref: 6B95F4AC
                                  • Part of subcall function 6B954450: GetCurrentThreadId.KERNEL32 ref: 6B95448B
                                  • Part of subcall function 6B954450: _CxxThrowException.MSVCR100(?,6B989788), ref: 6B9544A7
                                  • Part of subcall function 6B954450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B989788), ref: 6B9544B6
                                  • Part of subcall function 6B954450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9544BD
                                • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,0000002C), ref: 6B92CCC0
                                • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,0000002C), ref: 6B92CD40
                                • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,0000002C), ref: 6B92CD8E
                                • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,0000002C), ref: 6B92CDB5
                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,0000002C), ref: 6B92CDF0
                                • free.MSVCR100 ref: 6B92CE57
                                • _CxxThrowException.MSVCR100(?,6B989388), ref: 6B92D08D
                                • free.MSVCR100 ref: 6B92D0C8
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                • Associated: 00000005.00000002.2267495654.000000006B8B0000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267685099.000000006B9A4000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267741690.000000006B9A6000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267784368.000000006B9A7000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267838865.000000006B9A8000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267863426.000000006B9A9000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AA000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AD000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267959620.000000006B9D0000.00000002.00000001.01000000.00000017.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: ErrorLast$ExceptionThrowfree$CreateCurrentEnv@8EventH_prolog3_catch_ObjectSingleThreadWait
                                • String ID:
                                • API String ID: 1826456516-0
                                • Opcode ID: 5b386bea6e095379d400970e04cbba4a8a6c68fe38737aaa580d7af4297790b6
                                • Instruction ID: f4a0b062a8f400119fa83bbe54673919a5f2a72702ff5abfcadc57e86f7a3498
                                • Opcode Fuzzy Hash: 5b386bea6e095379d400970e04cbba4a8a6c68fe38737aaa580d7af4297790b6
                                • Instruction Fuzzy Hash: 68024871D55219EFDB118FA4C988BEEBFB8FF09710F20002AF904A6254D779D941CBA1
                                APIs
                                  • Part of subcall function 6B8FAA50: J2dTraceImpl.AWT(00000001,00000001,OGLContext_IsExtensionAvailable: extension string is null,00000000,?,6B8FAD05,00000000,GL_ARB_fragment_shader), ref: 6B8FAA68
                                  • Part of subcall function 6B8FAA50: strlen.MSVCR100 ref: 6B8FAA79
                                  • Part of subcall function 6B8FAA50: strcspn.MSVCR100 ref: 6B8FAA96
                                  • Part of subcall function 6B8FAA50: strlen.MSVCR100 ref: 6B8FAA9F
                                  • Part of subcall function 6B8FAA50: strncmp.MSVCR100 ref: 6B8FAAAE
                                  • Part of subcall function 6B8FAA50: J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsExtensionAvailable: %s=%s,?,false,00000000,6B91D391,?,?,?,?,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B8FAAD7
                                • _JNU_GetStaticFieldByName@20.JAVA(?,00000000,sun/java2d/opengl/OGLSurfaceData,isFBObjectEnabled,6B969480,?,?,?,?,?,?,6B8FAD71,?,00000000), ref: 6B8FAB2D
                                • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsFBObjectExtensionAvailable: disabled via flag,?,00000000,sun/java2d/opengl/OGLSurfaceData,isFBObjectEnabled,6B969480,?,?,?,?,?,?,6B8FAD71,?), ref: 6B8FAB43
                                  • Part of subcall function 6B90EA57: _J2dTraceInit@0.AWT(?,6B8B4EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B90EA63
                                  • Part of subcall function 6B90EA57: fprintf.MSVCR100 ref: 6B90EABA
                                  • Part of subcall function 6B90EA57: vfprintf.MSVCR100 ref: 6B90EACB
                                  • Part of subcall function 6B90EA57: fprintf.MSVCR100 ref: 6B90EAE5
                                  • Part of subcall function 6B90EA57: fflush.MSVCR100 ref: 6B90EAEF
                                • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsFBObjectExtensionAvailable: fbobject unsupported,?,?,00000000,sun/java2d/opengl/OGLSurfaceData,isFBObjectEnabled,6B969480,?,?,?,?,?,?,6B8FAD71), ref: 6B8FABE6
                                • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsFBObjectExtensionAvailable: fbobject supported,?,?,?,00000000,sun/java2d/opengl/OGLSurfaceData,isFBObjectEnabled,6B969480), ref: 6B8FAC2F
                                Strings
                                • sun/java2d/opengl/OGLSurfaceData, xrefs: 6B8FAB25
                                • OGLContext_IsFBObjectExtensionAvailable: disabled via flag, xrefs: 6B8FAB3A
                                • isFBObjectEnabled, xrefs: 6B8FAB20
                                • GL_EXT_framebuffer_object, xrefs: 6B8FAAF3
                                • GL_ARB_depth_texture, xrefs: 6B8FAB05
                                • OGLContext_IsFBObjectExtensionAvailable: fbobject supported, xrefs: 6B8FAC26
                                • OGLContext_IsFBObjectExtensionAvailable: fbobject unsupported, xrefs: 6B8FABDD
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                • Associated: 00000005.00000002.2267495654.000000006B8B0000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267685099.000000006B9A4000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267741690.000000006B9A6000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267784368.000000006B9A7000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267838865.000000006B9A8000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267863426.000000006B9A9000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AA000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AD000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267959620.000000006B9D0000.00000002.00000001.01000000.00000017.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Trace$Impl$fprintfstrlen$FieldInit@0Name@20Staticfflushstrcspnstrncmpvfprintf
                                • String ID: GL_ARB_depth_texture$GL_EXT_framebuffer_object$OGLContext_IsFBObjectExtensionAvailable: disabled via flag$OGLContext_IsFBObjectExtensionAvailable: fbobject supported$OGLContext_IsFBObjectExtensionAvailable: fbobject unsupported$isFBObjectEnabled$sun/java2d/opengl/OGLSurfaceData
                                • API String ID: 554788551-3888500106
                                • Opcode ID: 5f348e8dbc0c5b20c46c9296a9713acb5263d19586535df892bf92bc7dff9142
                                • Instruction ID: 96a5da2b618eefa24472a60a2da07f839f5b05f1b2a7c5e4fe56e547448c9c49
                                • Opcode Fuzzy Hash: 5f348e8dbc0c5b20c46c9296a9713acb5263d19586535df892bf92bc7dff9142
                                • Instruction Fuzzy Hash: F831E5756943007FFA107BA08C9BFDE3764AF99B04F100468F745AE0C1E6EAE10987B6
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                • Associated: 00000005.00000002.2267495654.000000006B8B0000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267685099.000000006B9A4000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267741690.000000006B9A6000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267784368.000000006B9A7000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267838865.000000006B9A8000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267863426.000000006B9A9000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AA000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AD000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267959620.000000006B9D0000.00000002.00000001.01000000.00000017.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: fabs$Transform_transform@12
                                • String ID:
                                • API String ID: 3810233683-0
                                • Opcode ID: c6484a7b2245efdca3e279eb54ce4473952442c8fda6733feb0c46404c620543
                                • Instruction ID: 463f538ec8f32395075da4db836c4eae0ee02ca43aa8e58fedfea71bf36cba5d
                                • Opcode Fuzzy Hash: c6484a7b2245efdca3e279eb54ce4473952442c8fda6733feb0c46404c620543
                                • Instruction Fuzzy Hash: 5151B371818A44FBD740BF68D594A9ABBF8FF85344F80596DF8C801260EF35D068CB52
                                Strings
                                • Warning: app args parsing error, xrefs: 000245C9
                                • passing arguments as-is., xrefs: 00024590
                                • expandArgs, xrefs: 000246D9
                                • passing arguments as-is, xrefs: 000245D3
                                • Warning: app args is larger than the original, %d %d, xrefs: 00024586
                                • %s, xrefs: 00024676
                                • Error: A JNI error has occurred, please check your installation and try again, xrefs: 00024537, 000246EF
                                • ([Ljava/lang/String;)[Ljava/lang/String;, xrefs: 000246D4
                                • %c%s, xrefs: 0002465D
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: Message_vswprintf_s_vwprintf
                                • String ID: %c%s$%s$([Ljava/lang/String;)[Ljava/lang/String;$Error: A JNI error has occurred, please check your installation and try again$Warning: app args is larger than the original, %d %d$Warning: app args parsing error$expandArgs$passing arguments as-is$passing arguments as-is.
                                • API String ID: 1624507446-1045827887
                                • Opcode ID: 82218153c7f0c7ad4ce974e8fc820d36b0499b5402a67bb4fd2e8e91f5b7b793
                                • Instruction ID: 599504900c89b57461f179f978f4d4a8024a3c1fa3b1064b75cf30f8125967ad
                                • Opcode Fuzzy Hash: 82218153c7f0c7ad4ce974e8fc820d36b0499b5402a67bb4fd2e8e91f5b7b793
                                • Instruction Fuzzy Hash: B8512671D04139BFCB12AFE4FC469EEBBB8EF05350F10405AF941A6143DB759A418B62
                                APIs
                                  • Part of subcall function 6B923B9F: GetCurrentThreadId.KERNEL32 ref: 6B923B9F
                                • _JNU_GetEnv@8.JAVA(00010002), ref: 6B926AF9
                                • _JNU_ThrowNullPointerException@8.JAVA(?,null pData,?,00010002), ref: 6B926B75
                                • ??3@YAXPAX@Z.MSVCR100(?,?,00010002), ref: 6B926CC8
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                • Associated: 00000005.00000002.2267495654.000000006B8B0000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267685099.000000006B9A4000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267741690.000000006B9A6000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267784368.000000006B9A7000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267838865.000000006B9A8000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267863426.000000006B9A9000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AA000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AD000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267959620.000000006B9D0000.00000002.00000001.01000000.00000017.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: ??3@CurrentEnv@8Exception@8NullPointerThreadThrow
                                • String ID: null pData$peer
                                • API String ID: 1717875540-751156914
                                • Opcode ID: c810c0755f985899391187927cc546a67b4c1919ac217eb1384216418045d87a
                                • Instruction ID: f3019cfd204438422eefb19ff764372fd1edcd46016297cbc8765a6f3cf08de5
                                • Opcode Fuzzy Hash: c810c0755f985899391187927cc546a67b4c1919ac217eb1384216418045d87a
                                • Instruction Fuzzy Hash: 52713471D14308AFEF209FF4C888A9EBBB9EF49314F20416AE515AB658E735E845CF50
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __lseeki64$__read_free$___lock_fhandle__lseeki64_nolock_malloc_memmove
                                • String ID: _JAVA_SPLASH_FILE
                                • API String ID: 1537261635-1214838622
                                • Opcode ID: c951dbccd2ab2ccf7145bf24b500b455c70aeb8d26040207642a5d2a09759887
                                • Instruction ID: 088eea554c20085ec4398329046b35f322418fefd2b3e2ade8332299e38d681e
                                • Opcode Fuzzy Hash: c951dbccd2ab2ccf7145bf24b500b455c70aeb8d26040207642a5d2a09759887
                                • Instruction Fuzzy Hash: E951B031E04D35F6EB251A287C857BE7BF6DF80362F148169FC22E6182EA70DE009754
                                APIs
                                • __lseeki64.LIBCMT ref: 000255C0
                                • _malloc.LIBCMT ref: 000255DF
                                • __read.LIBCMT ref: 000255F7
                                • _malloc.LIBCMT ref: 0002565D
                                  • Part of subcall function 0002A029: __FF_MSGBANNER.LIBCMT ref: 0002A042
                                  • Part of subcall function 0002A029: __NMSG_WRITE.LIBCMT ref: 0002A049
                                  • Part of subcall function 0002A029: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,0002FE09,?,00000001,?,?,0002CE37,00000018,00042708,0000000C,0002CEC7), ref: 0002A06E
                                • _free.LIBCMT ref: 0002568A
                                • _free.LIBCMT ref: 00025682
                                  • Part of subcall function 00028DD0: HeapFree.KERNEL32(00000000,00000000,?,0002D4FB,00000000,?,0002FE09,?,00000001,?,?,0002CE37,00000018,00042708,0000000C,0002CEC7), ref: 00028DE6
                                  • Part of subcall function 00028DD0: GetLastError.KERNEL32(00000000,?,0002D4FB,00000000,?,0002FE09,?,00000001,?,?,0002CE37,00000018,00042708,0000000C,0002CEC7,?), ref: 00028DF8
                                • _free.LIBCMT ref: 0002569B
                                • _free.LIBCMT ref: 000256C2
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _free$Heap_malloc$AllocateErrorFreeLast__lseeki64__read
                                • String ID: 1.2.8$_JAVA_SPLASH_FILE
                                • API String ID: 3852694377-2039201388
                                • Opcode ID: b64b9d3b64be4ba92b5a229ad257b3100baa525a30aaeda738b4c4bb16ae6627
                                • Instruction ID: 5a5a5be880d4652cfc4a9f57a93912954ae4cc9c3cd81823098458715d32c87f
                                • Opcode Fuzzy Hash: b64b9d3b64be4ba92b5a229ad257b3100baa525a30aaeda738b4c4bb16ae6627
                                • Instruction Fuzzy Hash: FE311C31A04B15AFCB259F64FC8999E77F8EF54322F60452EF854D7291EB31E8008B14
                                APIs
                                  • Part of subcall function 0002AB01: __getptd_noexit.LIBCMT ref: 0002AB01
                                • GetLastError.KERNEL32 ref: 00023C3C
                                • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 00023C54
                                • _vwprintf.LIBCMT ref: 00023CA6
                                • _strlen.LIBCMT ref: 00023CBA
                                • _vswprintf_s.LIBCMT ref: 00023CD3
                                • MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00023CF8
                                • _vfwprintf.LIBCMT ref: 00023D14
                                • _fprintf.LIBCMT ref: 00023D32
                                • LocalFree.KERNEL32(?), ref: 00023D42
                                Strings
                                • Java Virtual Machine Launcher, xrefs: 00023CF1
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: Message$ErrorFormatFreeLastLocal__getptd_noexit_fprintf_strlen_vfwprintf_vswprintf_s_vwprintf
                                • String ID: Java Virtual Machine Launcher
                                • API String ID: 389823976-898708411
                                • Opcode ID: 68ae3f39f4993aaa55c6d0a2a5e11eccbd2d6df90b0d570ef8918f223fd8760e
                                • Instruction ID: 5ab1522e8f0eb62303c85f2fdb414cb621748f80057759193ef265df4b6fcc7b
                                • Opcode Fuzzy Hash: 68ae3f39f4993aaa55c6d0a2a5e11eccbd2d6df90b0d570ef8918f223fd8760e
                                • Instruction Fuzzy Hash: 6431ABB28452E47EEB12AB90BC45EEE7FAC9F02350F144099F401BB153DA7A4F85C751
                                APIs
                                • __wopen.LIBCMT ref: 00025FEE
                                  • Part of subcall function 00025C27: _malloc.LIBCMT ref: 00025C49
                                • __close.LIBCMT ref: 0002604D
                                  • Part of subcall function 00025F2A: _strpbrk.LIBCMT ref: 00025F52
                                • __close.LIBCMT ref: 00026110
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __close$__wopen_malloc_strpbrk
                                • String ID: JRE-Restrict-Search$JRE-Version$Main-Class$Manifest-Version$Splashscreen-Image$true
                                • API String ID: 2265373541-795735454
                                • Opcode ID: 52836292173533ae9c5c7f0bc4ae19696515b7dc6d17553708ed9341a8239615
                                • Instruction ID: f25166ba2a7066f14d9807630d8b1f0f64d0180eb54d0afb5e4d9204f42a0c56
                                • Opcode Fuzzy Hash: 52836292173533ae9c5c7f0bc4ae19696515b7dc6d17553708ed9341a8239615
                                • Instruction Fuzzy Hash: EA310A32508636AEDB229B64FC919DF77ECDF05320F200166F901EA182EF729A409794
                                APIs
                                • RegEnumKeyA.ADVAPI32(80000001,00000000,?,00000104), ref: 00023DCA
                                • RegEnumKeyA.ADVAPI32(?,?,?,00000104), ref: 00023E1A
                                • RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00020019,?), ref: 00023E38
                                • RegCloseKey.ADVAPI32(?), ref: 00023E51
                                • RegQueryValueExA.ADVAPI32(?,JavaHome,00000000,00000000,?,?), ref: 00023E74
                                • RegCloseKey.ADVAPI32(?), ref: 00023E86
                                  • Part of subcall function 000262D9: _strpbrk.LIBCMT ref: 00026311
                                  • Part of subcall function 000262D9: _strpbrk.LIBCMT ref: 0002632D
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: CloseEnum_strpbrk$OpenQueryValue
                                • String ID: JavaHome
                                • API String ID: 3676537333-2033683150
                                • Opcode ID: eb8ac95f03dac6d008e26170b973819e54135224df6a4bb1ece39956800dec7f
                                • Instruction ID: e5284a9b05716ba8c89be908ecec1cc17f4ecf15c23c7bc4183f50ffb6654dce
                                • Opcode Fuzzy Hash: eb8ac95f03dac6d008e26170b973819e54135224df6a4bb1ece39956800dec7f
                                • Instruction Fuzzy Hash: 43317E729002289EEF259BB5EC84EDE77BCEF45710F21012AF509E7052EB749A49CF20
                                APIs
                                • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C975A58,00010002), ref: 6B8CAC6C
                                • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C975A58,00010002), ref: 6B8CAC73
                                • ?EndScene@D3DContext@@QAEJXZ.AWT(6C975A58,00010002), ref: 6B8CACC2
                                • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B8CACD6
                                • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B8CAD08
                                • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C975A58,00010002), ref: 6B8CAD21
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                • Associated: 00000005.00000002.2267495654.000000006B8B0000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267685099.000000006B9A4000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267741690.000000006B9A6000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267784368.000000006B9A7000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267838865.000000006B9A8000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267863426.000000006B9A9000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AA000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AD000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267959620.000000006B9D0000.00000002.00000001.01000000.00000017.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                • String ID: ()V$run
                                • API String ID: 1221654457-1990820779
                                • Opcode ID: 42e713664e4c811e825233c348347d0fe90ffdee7e8f6ec206df630361299b44
                                • Instruction ID: 29e4ab1c9c2eda88321984ae3a6c58d1f9876239522d1f33209d5d3b814c0968
                                • Opcode Fuzzy Hash: 42e713664e4c811e825233c348347d0fe90ffdee7e8f6ec206df630361299b44
                                • Instruction Fuzzy Hash: 3331DEB51082449FD620DB29D880B2BB7F9AFC5314F158C9CE8C947216DB39E854C7A3
                                APIs
                                • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C975A58,00010002), ref: 6B8CAC6C
                                • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C975A58,00010002), ref: 6B8CAC73
                                • ?EndScene@D3DContext@@QAEJXZ.AWT(6C975A58,00010002), ref: 6B8CACC2
                                • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B8CACD6
                                • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B8CAD08
                                • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C975A58,00010002), ref: 6B8CAD21
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                • Associated: 00000005.00000002.2267495654.000000006B8B0000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267685099.000000006B9A4000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267741690.000000006B9A6000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267784368.000000006B9A7000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267838865.000000006B9A8000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267863426.000000006B9A9000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AA000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AD000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267959620.000000006B9D0000.00000002.00000001.01000000.00000017.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                • String ID: ()V$run
                                • API String ID: 1221654457-1990820779
                                • Opcode ID: 5cf8b5a3bb56ace46f467526aaa251c89d8c832e2a97f02dbb79ef8ec9f5a511
                                • Instruction ID: ee5a2616363bb61f091bd640b137a683b79953be43fd6ba4ba889b51c5afd5b7
                                • Opcode Fuzzy Hash: 5cf8b5a3bb56ace46f467526aaa251c89d8c832e2a97f02dbb79ef8ec9f5a511
                                • Instruction Fuzzy Hash: 8A317EB56042419FD620CB39C8C0A6B77F9AFC5254F158C6CE88987256D739EC41CB72
                                APIs
                                • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C975A58,00010002), ref: 6B8CAC6C
                                • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C975A58,00010002), ref: 6B8CAC73
                                • ?EndScene@D3DContext@@QAEJXZ.AWT(6C975A58,00010002), ref: 6B8CACC2
                                • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B8CACD6
                                • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B8CAD08
                                • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C975A58,00010002), ref: 6B8CAD21
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                • String ID: ()V$run
                                • API String ID: 1221654457-1990820779
                                • Opcode ID: bde879ce18f12a27ba249f8bef3e8eb8af7375467b4991ee68f23c61ddea69c4
                                • Instruction ID: 6d3e0378a638c3a1df8e32cf3e84ee118cc54ddd0bc4f96232e238cc507bc954
                                • Opcode Fuzzy Hash: bde879ce18f12a27ba249f8bef3e8eb8af7375467b4991ee68f23c61ddea69c4
                                • Instruction Fuzzy Hash: 3D317EF96042459FDA10CB29C8C0B6B77F9AFC5354F154C5CE98997216D739EC01CBA2
                                APIs
                                • __wgetenv.LIBCMT ref: 00021013
                                • GetCommandLineA.KERNEL32 ref: 00021053
                                  • Part of subcall function 00028A72: __stbuf.LIBCMT ref: 00028AC0
                                  • Part of subcall function 00028A72: __ftbuf.LIBCMT ref: 00028AE9
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: CommandLine__ftbuf__stbuf__wgetenv
                                • String ID: 1.8$1.8.0_101-b13$Windows original main args:$_JAVA_LAUNCHER_DEBUG$wwwd_args[%d] = %s
                                • API String ID: 1994048314-67548272
                                • Opcode ID: e2a1619caa6d85decabb365852b4d6e61fd9599db2f63c3433564c841d3fb1e1
                                • Instruction ID: 69bb77db1a058628fd45b2159fe9e6e17aa03a9633cb0972dcf26b0db33a7d8a
                                • Opcode Fuzzy Hash: e2a1619caa6d85decabb365852b4d6e61fd9599db2f63c3433564c841d3fb1e1
                                • Instruction Fuzzy Hash: 222138B56002346FE3186FE0BCC6CAB779CE746719B51002DF640CB113EA76AD908BA0
                                APIs
                                • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C975A58,00010002), ref: 6B8CAC6C
                                • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C975A58,00010002), ref: 6B8CAC73
                                • ?EndScene@D3DContext@@QAEJXZ.AWT(6C975A58,00010002), ref: 6B8CACC2
                                • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B8CACD6
                                • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B8CAD08
                                • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C975A58,00010002), ref: 6B8CAD21
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                • String ID: ()V$run
                                • API String ID: 1221654457-1990820779
                                • Opcode ID: 1837b111c3f74fa79db14f0a639acfd663e7a0340b24917a5755477dd4eb2f4e
                                • Instruction ID: d387cfd085aa895991fdf70b090cdbee55f63db726250bae1ef99351fac98de4
                                • Opcode Fuzzy Hash: 1837b111c3f74fa79db14f0a639acfd663e7a0340b24917a5755477dd4eb2f4e
                                • Instruction Fuzzy Hash: 2C21BFFA6042459FDA20CB38C8C0B6B33B9AFC1218F158C6CE94987256DB39DC01C7A2
                                APIs
                                • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C975A58,00010002), ref: 6B8CAC6C
                                • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C975A58,00010002), ref: 6B8CAC73
                                • ?EndScene@D3DContext@@QAEJXZ.AWT(6C975A58,00010002), ref: 6B8CACC2
                                • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B8CACD6
                                • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B8CAD08
                                • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C975A58,00010002), ref: 6B8CAD21
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                • String ID: ()V$run
                                • API String ID: 1221654457-1990820779
                                • Opcode ID: f34f20191073ea43365ebf7e53f4755b7dd671bccad10d3b0b5aa96310981ea3
                                • Instruction ID: 7d4f406fc51b438b0af8f2906e2380e8864e65c1f305f8a04cde3daaa5b47445
                                • Opcode Fuzzy Hash: f34f20191073ea43365ebf7e53f4755b7dd671bccad10d3b0b5aa96310981ea3
                                • Instruction Fuzzy Hash: AC21BBF96042049FDA10DB38C8C0B6B33BAAFC1254F144C68E8098B266DB39DC01C7A3
                                APIs
                                • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C975A58,00010002), ref: 6B8CAC6C
                                • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C975A58,00010002), ref: 6B8CAC73
                                • ?EndScene@D3DContext@@QAEJXZ.AWT(6C975A58,00010002), ref: 6B8CACC2
                                • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B8CACD6
                                • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B8CAD08
                                • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C975A58,00010002), ref: 6B8CAD21
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                • String ID: ()V$run
                                • API String ID: 1221654457-1990820779
                                • Opcode ID: 27e09ffe4c53f6917a63abc7ffae48c185429a6fa364d96f97e0e4b8d7017147
                                • Instruction ID: ba2e6c2e26b9b7fc26b46e7d81c60acc0be38ecf28538b895060f97136d490e4
                                • Opcode Fuzzy Hash: 27e09ffe4c53f6917a63abc7ffae48c185429a6fa364d96f97e0e4b8d7017147
                                • Instruction Fuzzy Hash: 2B218EF96142059FDA10DB39C8C1B6B33B9AF81254F154C68D9099B266DB39DC41C7A3
                                APIs
                                • _vwprintf.LIBCMT ref: 00023BB8
                                  • Part of subcall function 00023904: _malloc.LIBCMT ref: 00023908
                                  • Part of subcall function 00023904: _perror.LIBCMT ref: 00023917
                                • _vswprintf_s.LIBCMT ref: 00023BD3
                                  • Part of subcall function 0002A9C0: __vsnprintf_l.LIBCMT ref: 0002A9D3
                                • MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00023BE9
                                • _vfwprintf.LIBCMT ref: 00023C07
                                • _fprintf.LIBCMT ref: 00023C1D
                                Strings
                                • JVM_FindClassFromBootLoader, xrefs: 00023BB2
                                • Java Virtual Machine Launcher, xrefs: 00023BDD
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: Message__vsnprintf_l_fprintf_malloc_perror_vfwprintf_vswprintf_s_vwprintf
                                • String ID: JVM_FindClassFromBootLoader$Java Virtual Machine Launcher
                                • API String ID: 502157442-2728474055
                                • Opcode ID: 22d76845b8655b51a9d8e9b4a7c00fc6417e5d46d521e6919afaa94de1669038
                                • Instruction ID: 1348ecdc691ac6d267b0ef8418035c27aea48f9ef2ee97998c86668a61c31c91
                                • Opcode Fuzzy Hash: 22d76845b8655b51a9d8e9b4a7c00fc6417e5d46d521e6919afaa94de1669038
                                • Instruction Fuzzy Hash: 9401D6B35042547AEB017BA1BC07FEB3B5C9F42760F044016F90999053EE76E65087B6
                                APIs
                                • J2dTraceImpl.AWT(00000003,00000001,D3DGD_getDeviceCapsNative), ref: 6B8C6B4B
                                  • Part of subcall function 6B90EA57: _J2dTraceInit@0.AWT(?,6B8B4EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B90EA63
                                  • Part of subcall function 6B90EA57: fprintf.MSVCR100 ref: 6B90EABA
                                  • Part of subcall function 6B90EA57: vfprintf.MSVCR100 ref: 6B90EACB
                                  • Part of subcall function 6B90EA57: fprintf.MSVCR100 ref: 6B90EAE5
                                  • Part of subcall function 6B90EA57: fflush.MSVCR100 ref: 6B90EAEF
                                • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT ref: 6B8C6B53
                                • ?GetAdapterOrdinalForScreen@D3DPipelineManager@@QAEIJ@Z.AWT(?), ref: 6B8C6B6B
                                • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(00000000,?,?), ref: 6B8C6B7A
                                • J2dTraceImpl.AWT(00000001,00000001,D3DGD_getDeviceCapsNative: device %d disabled,00000000,00000000,?,?), ref: 6B8C6B8D
                                Strings
                                • D3DGD_getDeviceCapsNative: device %d disabled, xrefs: 6B8C6B84
                                • D3DGD_getDeviceCapsNative, xrefs: 6B8C6B42
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Manager@@PipelineTrace$Implfprintf$AdapterContext@Context@@@Init@0Instance@OrdinalScreen@fflushvfprintf
                                • String ID: D3DGD_getDeviceCapsNative$D3DGD_getDeviceCapsNative: device %d disabled
                                • API String ID: 1313270379-1057826975
                                • Opcode ID: 509b6b0b65f44ef6bbcbb3f567dc20d8f55c4fe6adb2927f915a7a36f5b82180
                                • Instruction ID: 2140cd3d01bac7046c7e66d478dc05f95d2fe500512e35c8470bd8505861ff05
                                • Opcode Fuzzy Hash: 509b6b0b65f44ef6bbcbb3f567dc20d8f55c4fe6adb2927f915a7a36f5b82180
                                • Instruction Fuzzy Hash: 0FF02473B50511BAD22493699C02FEFA398DFE4B65F00483EFA05D7180EB59C81082F3
                                APIs
                                • _JNU_GetEnv@8.JAVA(00010002), ref: 6B924B6D
                                • _JNU_ClassString@4.JAVA(00000000), ref: 6B924BB3
                                • _JVM_CurrentTimeMillis@8.JVM(00000000,00000000,00010002), ref: 6B924CBC
                                Strings
                                • sun/awt/windows/WInputMethod, xrefs: 6B924C67
                                • sendInputMethodEvent, xrefs: 6B924C9F
                                • (IJLjava/lang/String;[I[Ljava/lang/String;[I[BIII)V, xrefs: 6B924C9A
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: ClassCurrentEnv@8Millis@8String@4Time
                                • String ID: (IJLjava/lang/String;[I[Ljava/lang/String;[I[BIII)V$sendInputMethodEvent$sun/awt/windows/WInputMethod
                                • API String ID: 2797162521-3029828681
                                • Opcode ID: 6967906933d6ea4fa8fc37fa307f950ddcf5764248c8ad134e871a3ba14e56a6
                                • Instruction ID: e290b00fa90f2af350e806826d815d28d7674b68d00c3d7fb25095faec88ae5e
                                • Opcode Fuzzy Hash: 6967906933d6ea4fa8fc37fa307f950ddcf5764248c8ad134e871a3ba14e56a6
                                • Instruction Fuzzy Hash: 36516774901608EFDB12DFA4CC88DAE7BB9FF89304B2045A9FE5596214D33AD951CF60
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: _control87$??3@H_prolog3_catch
                                • String ID:
                                • API String ID: 417898319-0
                                • Opcode ID: 2f731bf38cba0be0676e794b6ad38e758f8b00230db406d1a6fb2cbbc9d1c54f
                                • Instruction ID: 5361d9fae031141b46dbb18b3c07614ce1ef7b874d99d90c56647d29617bb8e4
                                • Opcode Fuzzy Hash: 2f731bf38cba0be0676e794b6ad38e758f8b00230db406d1a6fb2cbbc9d1c54f
                                • Instruction Fuzzy Hash: 1C514531904609EFDB11CFA8DD88CAEBBB5FF89310F24456AF814A6290DB36D951DF60
                                APIs
                                • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT ref: 6B8C6A3C
                                • ?GetAdapterOrdinalForScreen@D3DPipelineManager@@QAEIJ@Z.AWT(?), ref: 6B8C6A6F
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Manager@@Pipeline$AdapterInstance@OrdinalScreen@
                                • String ID: %x&%x %S (%d.%d.%d.%d)
                                • API String ID: 1472660137-4060426082
                                • Opcode ID: 0fa214c2d88b04c214fb6b46fdfa32fe9dea7d2a5a13a5289a05426a2eba53a0
                                • Instruction ID: d74111e05ea56d99465265172692324dce96a60e8d9d3c4f0ace76bce1732e5b
                                • Opcode Fuzzy Hash: 0fa214c2d88b04c214fb6b46fdfa32fe9dea7d2a5a13a5289a05426a2eba53a0
                                • Instruction Fuzzy Hash: 222199B16152506BE7249B38DC45FBBB3D89FD9304F41892DF549C7241EB38E80187A6
                                APIs
                                • memset.MSVCR100 ref: 6B91CC0C
                                • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6B91D037,?,?,6B91D208,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B91CC16
                                • J2dTraceImpl.AWT(00000001,00000001,WGLGC_CreateScratchWindow: error registering window class), ref: 6B91CC47
                                  • Part of subcall function 6B90EA57: _J2dTraceInit@0.AWT(?,6B8B4EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B90EA63
                                  • Part of subcall function 6B90EA57: fprintf.MSVCR100 ref: 6B90EABA
                                  • Part of subcall function 6B90EA57: vfprintf.MSVCR100 ref: 6B90EACB
                                  • Part of subcall function 6B90EA57: fprintf.MSVCR100 ref: 6B90EAE5
                                  • Part of subcall function 6B90EA57: fflush.MSVCR100 ref: 6B90EAEF
                                • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,6B91D037,?,?,6B91D208,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B91CC61
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: HandleModuleTracefprintf$ImplInit@0fflushmemsetvfprintf
                                • String ID: Tmp$WGLGC_CreateScratchWindow: error registering window class
                                • API String ID: 803271967-4235559906
                                • Opcode ID: 2f87f4d3775dd72422cbe29fdc612ce7341ad442cf3ae4906893557cdb4a95b0
                                • Instruction ID: 616c85b2f95c4d13569c7693b603e7677c929dc22a613e9dfbda9a3ae605cc41
                                • Opcode Fuzzy Hash: 2f87f4d3775dd72422cbe29fdc612ce7341ad442cf3ae4906893557cdb4a95b0
                                • Instruction Fuzzy Hash: F901A770A5C304BBF670A7658C47F8A3FE89F86748F248429F648751C0E6B4E15487AA
                                APIs
                                • __getptd_noexit.LIBCMT ref: 0002AA5C
                                  • Part of subcall function 0002D491: GetLastError.KERNEL32(00000001,00000000,0002AB06,0002A0B2,00000000,?,0002FE09,?,00000001,?,?,0002CE37,00000018,00042708,0000000C,0002CEC7), ref: 0002D495
                                  • Part of subcall function 0002D491: ___set_flsgetvalue.LIBCMT ref: 0002D4A3
                                  • Part of subcall function 0002D491: __calloc_crt.LIBCMT ref: 0002D4B7
                                  • Part of subcall function 0002D491: DecodePointer.KERNEL32(00000000,?,0002FE09,?,00000001,?,?,0002CE37,00000018,00042708,0000000C,0002CEC7,?,?,?,0002D5B5), ref: 0002D4D1
                                  • Part of subcall function 0002D491: __initptd.LIBCMT ref: 0002D4E0
                                  • Part of subcall function 0002D491: GetCurrentThreadId.KERNEL32 ref: 0002D4E7
                                  • Part of subcall function 0002D491: SetLastError.KERNEL32(00000000,?,0002FE09,?,00000001,?,?,0002CE37,00000018,00042708,0000000C,0002CEC7,?,?,?,0002D5B5), ref: 0002D4FF
                                • __calloc_crt.LIBCMT ref: 0002AA7E
                                • __get_sys_err_msg.LIBCMT ref: 0002AA9C
                                • _strcpy_s.LIBCMT ref: 0002AAA4
                                • __invoke_watson.LIBCMT ref: 0002AAB9
                                Strings
                                • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 0002AA69, 0002AA8C
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: ErrorLast__calloc_crt$CurrentDecodePointerThread___set_flsgetvalue__get_sys_err_msg__getptd_noexit__initptd__invoke_watson_strcpy_s
                                • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                • API String ID: 69636372-798102604
                                • Opcode ID: 205d4e245ee7c13c3a5c75219eb8a3c9a2a4e5c72e1493d2533445fae2859358
                                • Instruction ID: f0a40471838c6bc32d06011dfe6eac1939641699bd5d58b0bf5623f5822a966a
                                • Opcode Fuzzy Hash: 205d4e245ee7c13c3a5c75219eb8a3c9a2a4e5c72e1493d2533445fae2859358
                                • Instruction Fuzzy Hash: 61F02B6270433227EB717929BD818BFB3DC8F51754B11043AFA0993102EB259C008197
                                APIs
                                • __getptd.LIBCMT ref: 00034A71
                                  • Part of subcall function 0002D50A: __getptd_noexit.LIBCMT ref: 0002D50D
                                  • Part of subcall function 0002D50A: __amsg_exit.LIBCMT ref: 0002D51A
                                • __amsg_exit.LIBCMT ref: 00034A91
                                • __lock.LIBCMT ref: 00034AA1
                                • InterlockedDecrement.KERNEL32(?), ref: 00034ABE
                                • _free.LIBCMT ref: 00034AD1
                                • InterlockedIncrement.KERNEL32(02811710), ref: 00034AE9
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                • String ID:
                                • API String ID: 3470314060-0
                                • Opcode ID: f5827c3b3002adc7c03bc9a676eef026c45319d09fe27cc3fd68d2216a63b580
                                • Instruction ID: 31472181a1ef7c0562727f39b0d4c54cf838ff2436e1918f113f1acc36e50054
                                • Opcode Fuzzy Hash: f5827c3b3002adc7c03bc9a676eef026c45319d09fe27cc3fd68d2216a63b580
                                • Instruction Fuzzy Hash: B5012639D41E21DBE722AB14B416B9E73E8FF01711F060005F414AB582CB38BC80CBCA
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __lseeki64$__read
                                • String ID: _JAVA_SPLASH_FILE
                                • API String ID: 4142932646-1214838622
                                • Opcode ID: 467bc92dafad20f57d52ef49c678ad7c17eb2373f1ca3d004f92fafd11d4454d
                                • Instruction ID: bf4f7f16ce8a4f2baa4b3d5ee9fb82d8772d7c37862747d4cc6926a417ee3706
                                • Opcode Fuzzy Hash: 467bc92dafad20f57d52ef49c678ad7c17eb2373f1ca3d004f92fafd11d4454d
                                • Instruction Fuzzy Hash: BE71F621E289B404EB79467E5CA51BEBFF69BC1303B08825EE8F5D10C3E57C8505DB64
                                APIs
                                  • Part of subcall function 6B90B3AE: malloc.MSVCR100 ref: 6B90B3B6
                                  • Part of subcall function 6B90B3AE: _SurfaceData_SetOps@12.AWT(?,?,00000000,?,6B8B4C2A,?,?,0000004C), ref: 6B90B3C7
                                  • Part of subcall function 6B90B3AE: memset.MSVCR100 ref: 6B90B3D6
                                • _JNU_ThrowOutOfMemoryError@8.JAVA(?,Initialization of SurfaceData failed.), ref: 6B8DEB18
                                • InterlockedIncrement.KERNEL32(6B9ABE78), ref: 6B8DEB28
                                Strings
                                • Initialization of SurfaceData failed., xrefs: 6B8DEB12
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Data_Error@8IncrementInterlockedMemoryOps@12SurfaceThrowmallocmemset
                                • String ID: Initialization of SurfaceData failed.
                                • API String ID: 3793303029-1683995780
                                • Opcode ID: 5ef90c96dcf3ca8e4f8359260648bf935f5ba428d60fc440d5ed5ef7e4096e38
                                • Instruction ID: 9c46e18bd519cb8610aab28490e6470ec17af0f433df856e706791d7d234ef8c
                                • Opcode Fuzzy Hash: 5ef90c96dcf3ca8e4f8359260648bf935f5ba428d60fc440d5ed5ef7e4096e38
                                • Instruction Fuzzy Hash: 194187B66187049FD720DF29D480A2BFBE4BB89749F804E2EE18A87600D778E444CB91
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _strlen$_strpbrk
                                • String ID: &+*$.-_
                                • API String ID: 763926018-274609856
                                • Opcode ID: 59a6e71d73d9fa2e629789d134d023931f569bb67ddbb3a840cc4cba02433b11
                                • Instruction ID: e0e72577f35b1d4bc533a4da00923fa7f37af59f63f3897c4ecbe77754cd36a7
                                • Opcode Fuzzy Hash: 59a6e71d73d9fa2e629789d134d023931f569bb67ddbb3a840cc4cba02433b11
                                • Instruction Fuzzy Hash: 3A212932608E736AE775A225FC91BBF67DCDF06760FA40056EC82DA087EE16DC4181A4
                                APIs
                                • __wgetenv.LIBCMT ref: 00021DBC
                                • __wgetenv.LIBCMT ref: 00021DC9
                                  • Part of subcall function 00028BB6: _strnlen.LIBCMT ref: 00028BEB
                                  • Part of subcall function 00028BB6: __lock.LIBCMT ref: 00028BFC
                                  • Part of subcall function 00028BB6: __getenv_helper_nolock.LIBCMT ref: 00028C09
                                  • Part of subcall function 00026124: __wopen.LIBCMT ref: 00026136
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __wgetenv$__getenv_helper_nolock__lock__wopen_strnlen
                                • String ID: _JAVA_SPLASH_FILE$_JAVA_SPLASH_JAR$_JAVA_VERSION_SET
                                • API String ID: 1768112632-1229670908
                                • Opcode ID: 533b446a18bca8e8c4c838ee94f4eb5b9967c796f3db7034224e5307441ada2a
                                • Instruction ID: b16b2e67e1bb6573384ad244012cb4d3c600d3d32b6774e6da87f161dbb6f5c7
                                • Opcode Fuzzy Hash: 533b446a18bca8e8c4c838ee94f4eb5b9967c796f3db7034224e5307441ada2a
                                • Instruction Fuzzy Hash: 3121BB72801938BBDF1277A8BC429EEBAB8AF51711F1100A4FD0071193EB344A919AA5
                                APIs
                                • __EH_prolog3_catch.LIBCMT ref: 6B946B33
                                • _JNU_GetEnv@8.JAVA(00010002,00000018), ref: 6B946B43
                                • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData), ref: 6B946B7A
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Env@8Exception@8H_prolog3_catchNullPointerThrow
                                • String ID: null pData$peer
                                • API String ID: 1176200671-751156914
                                • Opcode ID: 1085749d94943d887cadc3a2eb3d796df7a505b45b0c14f401c8ad029d58b69e
                                • Instruction ID: 7a1568dedf2502802d8a71afa777c85c60586f8e1a6e5c839504ee2b3438eb30
                                • Opcode Fuzzy Hash: 1085749d94943d887cadc3a2eb3d796df7a505b45b0c14f401c8ad029d58b69e
                                • Instruction Fuzzy Hash: 0D317C70909604AFDF01EFB8C889DDD7BB5BF0A304F2044A9F5459B251DB79CA41DB51
                                APIs
                                • __EH_prolog3_catch.LIBCMT ref: 6B948AC5
                                • _JNU_GetEnv@8.JAVA(00010002,00000010), ref: 6B948AD5
                                • _JNU_ThrowNullPointerException@8.JAVA(00000000,null target), ref: 6B948B23
                                • SetLastError.KERNEL32(00000000), ref: 6B948B52
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Env@8ErrorException@8H_prolog3_catchLastNullPointerThrow
                                • String ID: null target
                                • API String ID: 3644746280-2084975241
                                • Opcode ID: 0c74c684d7cce0cf9df898954eb29740ff17625d2e8300285fa03b93cdbe4ab4
                                • Instruction ID: ba02bf4b2cd35a419fe3a688cca3ed8f437964983788748287ebbf6e9c364496
                                • Opcode Fuzzy Hash: 0c74c684d7cce0cf9df898954eb29740ff17625d2e8300285fa03b93cdbe4ab4
                                • Instruction Fuzzy Hash: 4D31A270904605EFDB149F78C8C9A9EBBB4BF09308F104469F945E7240D7B8CA40DB91
                                APIs
                                • _JNU_GetEnv@8.JAVA(00010002), ref: 6B952BB0
                                • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B952BCE
                                • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B952C0A
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Exception@8NullPointerThrow$Env@8
                                • String ID: null pData$peer
                                • API String ID: 2682551001-751156914
                                • Opcode ID: eabbe0d0db035a44d501f0505337eba8e9212e2c05c74d8460d78bd21758cb4d
                                • Instruction ID: 0d37ef6a211103fcce675c7f276598ef08a57e8a600389fa707ebfdb07ed3a47
                                • Opcode Fuzzy Hash: eabbe0d0db035a44d501f0505337eba8e9212e2c05c74d8460d78bd21758cb4d
                                • Instruction Fuzzy Hash: 34116732144504BFEB12EF68C849EEE7BBCEF0A395B1000A4F94197261DB38DE518BA5
                                APIs
                                • _JNU_GetEnv@8.JAVA(00010002), ref: 6B952AFE
                                • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B952B1C
                                • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B952B58
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Exception@8NullPointerThrow$Env@8
                                • String ID: null pData$peer
                                APIs
                                  • Part of subcall function 000247B7: __stat64i32.LIBCMT ref: 00024812
                                • _strlen.LIBCMT ref: 00024A79
                                • _strlen.LIBCMT ref: 00024A87
                                • LoadLibraryA.KERNEL32(?), ref: 00024AB9
                                • GetProcAddress.KERNEL32(00000000,?), ref: 00024ACA
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _strlen$AddressLibraryLoadProc__stat64i32
                                • String ID: _JAVA_SPLASH_FILE
                                APIs
                                • _JNU_GetEnv@8.JAVA(00010002,?,6B92EC15), ref: 6B92EB64
                                  • Part of subcall function 6B92D8BC: _JNU_GetEnv@8.JAVA(00010002,?,00000000,?,?,6B92EB84,win.properties.version,00000003,?,?,6B92EC15), ref: 6B92D8D0
                                  • Part of subcall function 6B92D8BC: wcslen.MSVCR100 ref: 6B92D8DA
                                  • Part of subcall function 6B92D8BC: _CxxThrowException.MSVCR100(?,6B989388), ref: 6B92D907
                                  • Part of subcall function 6B92D8BC: _JNU_GetEnv@8.JAVA(00010002,?,?,6B92EB84,win.properties.version,00000003,?,?,6B92EC15), ref: 6B92D913
                                  • Part of subcall function 6B92D8BC: _JNU_GetEnv@8.JAVA(00010002), ref: 6B92D934
                                  • Part of subcall function 6B92E212: GetVersion.KERNEL32(00000000), ref: 6B92E22A
                                  • Part of subcall function 6B92E628: __EH_prolog3_catch.LIBCMT ref: 6B92E62F
                                  • Part of subcall function 6B92E628: GetVersion.KERNEL32(win.text.fontSmoothingOn,00000000,win.frame.fullWindowDragsOn,00000000,00000030,6B92EBA7,win.properties.version,00000003,?,?,6B92EC15), ref: 6B92E669
                                  • Part of subcall function 6B92E628: GetVersion.KERNEL32(?,?,6B92EC15), ref: 6B92E66F
                                  • Part of subcall function 6B92E628: GetVersion.KERNEL32(?,?,6B92EC15), ref: 6B92E678
                                  • Part of subcall function 6B92E628: GetSystemMetrics.USER32(00000044), ref: 6B92E6C8
                                  • Part of subcall function 6B92E628: GetSystemMetrics.USER32(00000045), ref: 6B92E6CE
                                  • Part of subcall function 6B92E628: GetDoubleClickTime.USER32(awt.mouse.numButtons,00000000,DnD.gestureMotionThreshold,?,win.drag.height,?,win.drag.width,00000000,?,?,6B92EC15), ref: 6B92E71C
                                  • Part of subcall function 6B92E628: GetSystemMetrics.USER32(0000004B), ref: 6B92E746
                                  • Part of subcall function 6B92E06C: __EH_prolog3_catch.LIBCMT ref: 6B92E073
                                • GetVersion.KERNEL32(win.properties.version,00000003,?,?,6B92EC15), ref: 6B92EBBB
                                • GetVersion.KERNEL32(?,?,6B92EC15), ref: 6B92EBC1
                                • GetVersion.KERNEL32(?,?,6B92EC15), ref: 6B92EBCA
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Version$Env@8$MetricsSystem$H_prolog3_catch$ClickDoubleExceptionThrowTimewcslen
                                • String ID: win.properties.version
                                APIs
                                • _JNU_ThrowNullPointerException@8.JAVA(?,Attempt to lock missing colormap), ref: 6B8B4BBE
                                • _SurfaceData_IntersectBounds@8.AWT(?,?), ref: 6B8B4BE6
                                • _JNU_ThrowNullPointerException@8.JAVA(?,Could not initialize inverse tables), ref: 6B8B4C0D
                                Strings
                                • Could not initialize inverse tables, xrefs: 6B8B4C07
                                • Attempt to lock missing colormap, xrefs: 6B8B4BB6
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Exception@8NullPointerThrow$Bounds@8Data_IntersectSurface
                                • String ID: Attempt to lock missing colormap$Could not initialize inverse tables
                                APIs
                                • RegOpenKeyExW.ADVAPI32(80000001,Keyboard Layout\Preload,00000000,00020019,?,00000001), ref: 6B942C1D
                                • RegQueryValueExW.ADVAPI32(?,6B9841C4,00000000,00000000,?,00000010), ref: 6B942C39
                                • wcstoul.MSVCR100 ref: 6B942C4D
                                • RegCloseKey.ADVAPI32(?), ref: 6B942C5B
                                Strings
                                • Keyboard Layout\Preload, xrefs: 6B942C0C
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: CloseOpenQueryValuewcstoul
                                • String ID: Keyboard Layout\Preload
                                APIs
                                  • Part of subcall function 00025476: __wgetenv.LIBCMT ref: 000254B0
                                • _strlen.LIBCMT ref: 000213D1
                                • _strlen.LIBCMT ref: 000213DA
                                • _strlen.LIBCMT ref: 000213E7
                                  • Part of subcall function 00023904: _malloc.LIBCMT ref: 00023908
                                  • Part of subcall function 00023904: _perror.LIBCMT ref: 00023917
                                • _sprintf.LIBCMT ref: 000213FE
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _strlen$__wgetenv_malloc_perror_sprintf
                                • String ID: -Djava.class.path=%s
                                APIs
                                • __EH_prolog3_catch.LIBCMT ref: 6B942B83
                                  • Part of subcall function 6B95F49D: _JNU_GetEnv@8.JAVA(6C975A58,00010002,6B95A2EA,00000004,6B8C7083,?,00000020,?,00000020,?), ref: 6B95F4AC
                                  • Part of subcall function 6B954450: GetCurrentThreadId.KERNEL32 ref: 6B95448B
                                  • Part of subcall function 6B954450: _CxxThrowException.MSVCR100(?,6B989788), ref: 6B9544A7
                                  • Part of subcall function 6B954450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B989788), ref: 6B9544B6
                                  • Part of subcall function 6B954450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9544BD
                                • JNU_CallStaticMethodByName.JAVA(?,00000000,java/util/Locale,forLanguageTag,(Ljava/lang/String;)Ljava/util/Locale;,00000000), ref: 6B942BBE
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: CallCreateCurrentEnv@8EventExceptionH_prolog3_catchMethodNameObjectSingleStaticThreadThrowWait
                                • String ID: (Ljava/lang/String;)Ljava/util/Locale;$forLanguageTag$java/util/Locale
                                APIs
                                • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT ref: 6B8C6BCC
                                • ?GetAdapterOrdinalForScreen@D3DPipelineManager@@QAEIJ@Z.AWT(?), ref: 6B8C6BF5
                                • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(00000000,?,?), ref: 6B8C6C04
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Manager@@Pipeline$AdapterContext@Context@@@Instance@OrdinalScreen@
                                • String ID:
                                APIs
                                • _malloc.LIBCMT ref: 0002A0CB
                                  • Part of subcall function 0002A029: __FF_MSGBANNER.LIBCMT ref: 0002A042
                                  • Part of subcall function 0002A029: __NMSG_WRITE.LIBCMT ref: 0002A049
                                  • Part of subcall function 0002A029: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,0002FE09,?,00000001,?,?,0002CE37,00000018,00042708,0000000C,0002CEC7), ref: 0002A06E
                                • _free.LIBCMT ref: 0002A0DE
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: AllocateHeap_free_malloc
                                • String ID:
                                APIs
                                • __getptd.LIBCMT ref: 000351F2
                                  • Part of subcall function 0002D50A: __getptd_noexit.LIBCMT ref: 0002D50D
                                  • Part of subcall function 0002D50A: __amsg_exit.LIBCMT ref: 0002D51A
                                • __getptd.LIBCMT ref: 00035209
                                • __amsg_exit.LIBCMT ref: 00035217
                                • __lock.LIBCMT ref: 00035227
                                • __updatetlocinfoEx_nolock.LIBCMT ref: 0003523B
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                • String ID:
                                APIs
                                  • Part of subcall function 00028A20: _doexit.LIBCMT ref: 00028A2C
                                • ___set_flsgetvalue.LIBCMT ref: 0002AEFB
                                  • Part of subcall function 0002D34F: TlsGetValue.KERNEL32(?,0002AF00), ref: 0002D358
                                  • Part of subcall function 0002D34F: DecodePointer.KERNEL32(?,0002AF00), ref: 0002D36A
                                  • Part of subcall function 0002D34F: TlsSetValue.KERNEL32(00000000,?,0002AF00), ref: 0002D379
                                • ___fls_getvalue@4.LIBCMT ref: 0002AF06
                                  • Part of subcall function 0002D32F: TlsGetValue.KERNEL32(?,?,0002AF0B,00000000), ref: 0002D33D
                                • ___fls_setvalue@8.LIBCMT ref: 0002AF19
                                  • Part of subcall function 0002D383: DecodePointer.KERNEL32(?,?,?,0002AF1E,00000000,?,00000000), ref: 0002D394
                                • GetLastError.KERNEL32(00000000,?,00000000), ref: 0002AF22
                                • ExitThread.KERNEL32 ref: 0002AF29
                                • GetCurrentThreadId.KERNEL32 ref: 0002AF2F
                                • __freefls@4.LIBCMT ref: 0002AF4F
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                • String ID:
                                APIs
                                • _JNU_ThrowArrayIndexOutOfBoundsException@8.JAVA(?,band array), ref: 6B90AB88
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: ArrayBoundsException@8IndexThrow
                                • String ID: alpha tile array$band array
                                • API String ID: 540364022-1923403480
                                • Opcode ID: bafb18dc4713113952f7feb08bb97c3d1be1eb8600fc19b7a4851fb3e25f91e1
                                • Instruction ID: 161a5548afaf06d77d6f363c98123ffe1ab73b2eb3bc7fb380bc4d3935069c75
                                • Opcode Fuzzy Hash: bafb18dc4713113952f7feb08bb97c3d1be1eb8600fc19b7a4851fb3e25f91e1
                                • Instruction Fuzzy Hash: B8E1D675900519EFCB01CFA8C984A9EBBF6FF49300F2580A9F944AB255D734EA51CFA4
                                APIs
                                • _JNU_ThrowNullPointerException@8.JAVA(?,peer), ref: 6B948C1B
                                • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B948C62
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Exception@8NullPointerThrow
                                • String ID: null pData$peer
                                • API String ID: 473278687-751156914
                                • Opcode ID: 5d9b269ffae1a16a421eecc0303865ede4df4e2bdabe5c26bb258ce040390484
                                • Instruction ID: e587eee5295336d853826a11804f79af76d59af5c38feb5fb10b89c55e2e7ff8
                                • Opcode Fuzzy Hash: 5d9b269ffae1a16a421eecc0303865ede4df4e2bdabe5c26bb258ce040390484
                                • Instruction Fuzzy Hash: 9C411471905509AFDB019FA8C888DEEBBF8FF0E315B100069F942A6250CB39D951CFA5
                                APIs
                                • _memmove.LIBCMT ref: 000212F3
                                  • Part of subcall function 00023904: _malloc.LIBCMT ref: 00023908
                                  • Part of subcall function 00023904: _perror.LIBCMT ref: 00023917
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _malloc_memmove_perror
                                • String ID: -Xms$-Xmx$-Xss
                                • API String ID: 3795916911-1591921524
                                • Opcode ID: bae59073035d2636c54d9ec77660bbcf66e89a139828157aeb265eb40c4f2728
                                • Instruction ID: 55b10a6f6c9a565d79d59fe6fd0cd9fdf219e367003dac171275f675705ced3c
                                • Opcode Fuzzy Hash: bae59073035d2636c54d9ec77660bbcf66e89a139828157aeb265eb40c4f2728
                                • Instruction Fuzzy Hash: 8031B6B8604615AFE700DF24FE419D877F9EB8A31AF400119FC04DB263E738AA85CB14
                                APIs
                                • __EH_prolog3_catch.LIBCMT ref: 6B95CBD8
                                • _JNU_ThrowNullPointerException@8.JAVA(?,iconRaster data), ref: 6B95CC16
                                • memset.MSVCR100 ref: 6B95CC69
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Exception@8H_prolog3_catchNullPointerThrowmemset
                                • String ID: iconRaster data
                                • API String ID: 1709764402-3591564486
                                • Opcode ID: 74672df91c6a6c19c57fcc83fa332acac56c7e9c31bd6b498251702d4f74bc83
                                • Instruction ID: 8d22f8cb45eb9ab27b984c9d3ffb3a2c21215346f60bd20eb37f5146efa9db79
                                • Opcode Fuzzy Hash: 74672df91c6a6c19c57fcc83fa332acac56c7e9c31bd6b498251702d4f74bc83
                                • Instruction Fuzzy Hash: 802189B2D00219EFDB11DFB4CD85A9E7BB8AF09708F10456AF914A7290D738CA10DBA1
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _strlen
                                • String ID: -Dsun.java.command=
                                • API String ID: 4218353326-3397619990
                                • Opcode ID: c38b914d9271cd0b6cff80512390d561bb31ffa5936b7e8faac8d0f877b67364
                                • Instruction ID: fb5bcb540b52913803b6827543dc5d142d63d3fb4ead72b130e3ab886b401024
                                • Opcode Fuzzy Hash: c38b914d9271cd0b6cff80512390d561bb31ffa5936b7e8faac8d0f877b67364
                                • Instruction Fuzzy Hash: E001A13250423AAAD7126E98BCC6EEEB7ACAB55750F150029F944A7003DB21A952C7E1
                                APIs
                                • __EH_prolog3_catch.LIBCMT ref: 6B920AAB
                                  • Part of subcall function 6B95F49D: _JNU_GetEnv@8.JAVA(6C975A58,00010002,6B95A2EA,00000004,6B8C7083,?,00000020,?,00000020,?), ref: 6B95F4AC
                                  • Part of subcall function 6B954450: GetCurrentThreadId.KERNEL32 ref: 6B95448B
                                  • Part of subcall function 6B954450: _CxxThrowException.MSVCR100(?,6B989788), ref: 6B9544A7
                                  • Part of subcall function 6B954450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B989788), ref: 6B9544B6
                                  • Part of subcall function 6B954450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9544BD
                                • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B920AD4
                                  • Part of subcall function 6B953EC0: _JNU_GetEnv@8.JAVA(6C975A58,00010002,?,?), ref: 6B953ED2
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                • String ID: null pData$peer
                                • API String ID: 2776560734-751156914
                                • Opcode ID: 2a24b84ecf25d17cdac5816b37b7ffbf06a2df6087185e770dbeee7793c011d5
                                • Instruction ID: a9d2f0804847cc336f06c50db11257c2ab160dbdaadd87d58221844335dd036b
                                • Opcode Fuzzy Hash: 2a24b84ecf25d17cdac5816b37b7ffbf06a2df6087185e770dbeee7793c011d5
                                • Instruction Fuzzy Hash: 3B117C39854504EFEB21AFA4C819FAE3BB9FF55308F2140A4F95466254D739C6508F62
                                APIs
                                • __EH_prolog3_catch.LIBCMT ref: 6B944AE8
                                  • Part of subcall function 6B95F49D: _JNU_GetEnv@8.JAVA(6C975A58,00010002,6B95A2EA,00000004,6B8C7083,?,00000020,?,00000020,?), ref: 6B95F4AC
                                  • Part of subcall function 6B954450: GetCurrentThreadId.KERNEL32 ref: 6B95448B
                                  • Part of subcall function 6B954450: _CxxThrowException.MSVCR100(?,6B989788), ref: 6B9544A7
                                  • Part of subcall function 6B954450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B989788), ref: 6B9544B6
                                  • Part of subcall function 6B954450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9544BD
                                • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B944B11
                                  • Part of subcall function 6B953EC0: _JNU_GetEnv@8.JAVA(6C975A58,00010002,?,?), ref: 6B953ED2
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                • String ID: null pData$peer
                                • API String ID: 2776560734-751156914
                                • Opcode ID: f01738d9b47c382fa704c06ba85a73d7ffb403287d0848b060397a6b56617393
                                • Instruction ID: 1f39fcb7a58c93b81ebcf5f11e629a9ca2f59d9168657fc48e4571092a2ff295
                                • Opcode Fuzzy Hash: f01738d9b47c382fa704c06ba85a73d7ffb403287d0848b060397a6b56617393
                                • Instruction Fuzzy Hash: 0411A935900500AFEB22AFB4C818FDE3BB9AF45348F2080A4F9141A350DB39DA10CF62
                                APIs
                                • __EH_prolog3_catch.LIBCMT ref: 6B942A1B
                                  • Part of subcall function 6B95F49D: _JNU_GetEnv@8.JAVA(6C975A58,00010002,6B95A2EA,00000004,6B8C7083,?,00000020,?,00000020,?), ref: 6B95F4AC
                                  • Part of subcall function 6B954450: GetCurrentThreadId.KERNEL32 ref: 6B95448B
                                  • Part of subcall function 6B954450: _CxxThrowException.MSVCR100(?,6B989788), ref: 6B9544A7
                                  • Part of subcall function 6B954450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B989788), ref: 6B9544B6
                                  • Part of subcall function 6B954450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9544BD
                                • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B942A44
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Throw$CreateCurrentEnv@8EventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                • String ID: null pData$peer
                                • API String ID: 608574450-751156914
                                • Opcode ID: b61f89deedc4cdd6c6a887dcfc0daf2863b92a2747f2926b4043dcdbb98d24f6
                                • Instruction ID: a6e9666c7c206657255ff8bf8d1a5d4e6e4a128f5c36a59f005e7adb0df9618d
                                • Opcode Fuzzy Hash: b61f89deedc4cdd6c6a887dcfc0daf2863b92a2747f2926b4043dcdbb98d24f6
                                • Instruction Fuzzy Hash: E401C035514510ABE721DFA88808EBE3BB9BF96708F214098F9419B291DB3CC950CBB6
                                APIs
                                • RegOpenKeyExA.ADVAPI32(80000001,Software\JavaSoft\Java Runtime Environment,00000000,00020019,00000000), ref: 00023EE5
                                • RegCloseKey.ADVAPI32(00000000), ref: 00023F0B
                                  • Part of subcall function 00023D83: RegEnumKeyA.ADVAPI32(80000001,00000000,?,00000104), ref: 00023DCA
                                  • Part of subcall function 00023D83: RegEnumKeyA.ADVAPI32(?,?,?,00000104), ref: 00023E1A
                                • RegCloseKey.ADVAPI32(00000000), ref: 00023F23
                                Strings
                                • Software\JavaSoft\Java Runtime Environment, xrefs: 00023EDC
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: CloseEnum$Open
                                • String ID: Software\JavaSoft\Java Runtime Environment
                                • API String ID: 956018044-786720643
                                • Opcode ID: 334f2bbd04495ca9d6a7d80f8b2b8abc174ea9be871fcd63e425c258e3501098
                                • Instruction ID: 5210d4bc5aefa7fa6d7042babb2e38bbee929dbdafd0ec37a460f6153451551e
                                • Opcode Fuzzy Hash: 334f2bbd04495ca9d6a7d80f8b2b8abc174ea9be871fcd63e425c258e3501098
                                • Instruction Fuzzy Hash: CE018F32E04229FBEF959B98FE45B9DBBB8EB04304F204079E504A2051D7B99F44AB40
                                APIs
                                • J2dTraceImpl.AWT(00000001,00000001,WGLGC_DestroyOGLContext: context is null,6B91D51F), ref: 6B91CB3D
                                  • Part of subcall function 6B90EA57: _J2dTraceInit@0.AWT(?,6B8B4EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B90EA63
                                  • Part of subcall function 6B90EA57: fprintf.MSVCR100 ref: 6B90EABA
                                  • Part of subcall function 6B90EA57: vfprintf.MSVCR100 ref: 6B90EACB
                                  • Part of subcall function 6B90EA57: fprintf.MSVCR100 ref: 6B90EAE5
                                  • Part of subcall function 6B90EA57: fflush.MSVCR100 ref: 6B90EAEF
                                • free.MSVCR100 ref: 6B91CB95
                                • free.MSVCR100 ref: 6B91CB9B
                                Strings
                                • WGLGC_DestroyOGLContext: context is null, xrefs: 6B91CB34
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Tracefprintffree$ImplInit@0fflushvfprintf
                                • String ID: WGLGC_DestroyOGLContext: context is null
                                • API String ID: 3805858621-1708994239
                                • Opcode ID: 486c2b3303b589af37fb8c4de315844b6d6d08b7cfe523b939af3bc3d85d4fcc
                                • Instruction ID: fcc33dc237ddea3b958ba6c233c5783bdc4c033603398fcaef665c2c61a60af2
                                • Opcode Fuzzy Hash: 486c2b3303b589af37fb8c4de315844b6d6d08b7cfe523b939af3bc3d85d4fcc
                                • Instruction Fuzzy Hash: 24F0A475A48600BBEA209B749C85F6B337CEF05B55F108478FD1AE7240DB2DE454DA62
                                APIs
                                • GlobalLock.KERNEL32(?), ref: 6B94EA92
                                • GlobalUnlock.KERNEL32(?), ref: 6B94EAAF
                                • GlobalLock.KERNEL32(00000000), ref: 6B94EB82
                                • GlobalUnlock.KERNEL32(00000000), ref: 6B94EBDC
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Global$LockUnlock
                                • String ID:
                                • API String ID: 2502338518-0
                                • Opcode ID: 857972b6a916465fbfcb36e4406d45911ca29dacfb36e6d53c53c21472e2b251
                                • Instruction ID: 640449d5f5a2af53004a27ba38c7cc120ea873611435158a4a572515029d74cd
                                • Opcode Fuzzy Hash: 857972b6a916465fbfcb36e4406d45911ca29dacfb36e6d53c53c21472e2b251
                                • Instruction Fuzzy Hash: 15718070914A0AFFDF14EF78D8855AEBFB8FF08308F1184A9E59492250EB35D928CB55
                                APIs
                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00037B60
                                  • Part of subcall function 0002CA70: __getptd.LIBCMT ref: 0002CA83
                                  • Part of subcall function 0002AB01: __getptd_noexit.LIBCMT ref: 0002AB01
                                • __stricmp_l.LIBCMT ref: 00037BCD
                                  • Part of subcall function 0003B2F9: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0003B308
                                • ___crtLCMapStringA.LIBCMT ref: 00037C23
                                • ___crtLCMapStringA.LIBCMT ref: 00037CA4
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: Locale$StringUpdateUpdate::____crt$__getptd__getptd_noexit__stricmp_l
                                • String ID:
                                • API String ID: 2544346105-0
                                APIs
                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00036424
                                • __isleadbyte_l.LIBCMT ref: 00036457
                                • MultiByteToWideChar.KERNEL32(00000080,00000009,00000000,?,00000000,00000000,?,?,?,?,00000000,00000000), ref: 00036488
                                • MultiByteToWideChar.KERNEL32(00000080,00000009,00000000,00000001,00000000,00000000,?,?,?,?,00000000,00000000), ref: 000364F6
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                • String ID:
                                • API String ID: 3058430110-0
                                APIs
                                • __EH_prolog3_catch.LIBCMT ref: 6B942AC6
                                  • Part of subcall function 6B95F49D: _JNU_GetEnv@8.JAVA(6C975A58,00010002,6B95A2EA,00000004,6B8C7083,?,00000020,?,00000020,?), ref: 6B95F4AC
                                  • Part of subcall function 6B954450: GetCurrentThreadId.KERNEL32 ref: 6B95448B
                                  • Part of subcall function 6B954450: _CxxThrowException.MSVCR100(?,6B989788), ref: 6B9544A7
                                  • Part of subcall function 6B954450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B989788), ref: 6B9544B6
                                  • Part of subcall function 6B954450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9544BD
                                • wcslen.MSVCR100 ref: 6B942B22
                                • free.MSVCR100 ref: 6B942B3B
                                • _CxxThrowException.MSVCR100(?,6B989388), ref: 6B942B5C
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                • Associated: 00000005.00000002.2267495654.000000006B8B0000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267685099.000000006B9A4000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267741690.000000006B9A6000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267784368.000000006B9A7000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267838865.000000006B9A8000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267863426.000000006B9A9000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AA000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AD000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267959620.000000006B9D0000.00000002.00000001.01000000.00000017.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: ExceptionThrow$CreateCurrentEnv@8EventH_prolog3_catchObjectSingleThreadWaitfreewcslen
                                • String ID:
                                • API String ID: 3923742239-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                • String ID:
                                • API String ID: 3016257755-0
                                APIs
                                • GetEnvironmentStringsW.KERNEL32(00000000,0002F8EF,00000000,00000000,7591DF80,?,00028FE7,00000000,00000000), ref: 000361D1
                                • __malloc_crt.LIBCMT ref: 00036200
                                • FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,00000000,?,00028FE7,00000000,00000000), ref: 0003620D
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: EnvironmentStrings$Free__malloc_crt
                                • String ID:
                                • API String ID: 237123855-0
                                APIs
                                • __EH_prolog3.LIBCMT ref: 6B928A2C
                                  • Part of subcall function 6B8DF846: __EH_prolog3.LIBCMT ref: 6B8DF84D
                                  • Part of subcall function 6B964232: __onexit.MSVCRT ref: 6B96423A
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                • Associated: 00000005.00000002.2267495654.000000006B8B0000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267685099.000000006B9A4000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267741690.000000006B9A6000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267784368.000000006B9A7000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267838865.000000006B9A8000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267863426.000000006B9A9000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AA000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AD000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267959620.000000006B9D0000.00000002.00000001.01000000.00000017.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: H_prolog3$__onexit
                                • String ID: Dead Key Flags$VKEY translations
                                • API String ID: 896046064-1120667548
                                APIs
                                  • Part of subcall function 0002394B: __strdup.LIBCMT ref: 0002394F
                                  • Part of subcall function 0002394B: _perror.LIBCMT ref: 0002395E
                                • _strpbrk.LIBCMT ref: 00026265
                                • _strpbrk.LIBCMT ref: 0002627F
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _strpbrk$__strdup_perror
                                • String ID: .-_
                                • API String ID: 2917712977-376218738
                                APIs
                                • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,00000104,Software\JavaSoft\Java Runtime Environment,?,?,?,00024909,?,CurrentVersion,?,00000104), ref: 00023AA5
                                • RegQueryValueExA.ADVAPI32(00000001,?,00000000,00000000,?,00000104,?,?,?,00024909,?,CurrentVersion), ref: 00023ACA
                                Strings
                                • Software\JavaSoft\Java Runtime Environment, xrefs: 00023A8C
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: QueryValue
                                • String ID: Software\JavaSoft\Java Runtime Environment
                                • API String ID: 3660427363-786720643
                                APIs
                                  • Part of subcall function 0002517D: _strlen.LIBCMT ref: 00025189
                                  • Part of subcall function 0002517D: _memmove.LIBCMT ref: 000251E3
                                  • Part of subcall function 0002536B: _strlen.LIBCMT ref: 00025389
                                  • Part of subcall function 0002510A: _strlen.LIBCMT ref: 00025120
                                  • Part of subcall function 0002510A: _strlen.LIBCMT ref: 00025148
                                  • Part of subcall function 0002510A: _memmove.LIBCMT ref: 00025162
                                • __wgetenv.LIBCMT ref: 000254B0
                                Strings
                                • _JAVA_LAUNCHER_DEBUG, xrefs: 000254AB
                                • Expanded wildcards: before: "%s" after : "%s", xrefs: 000254BE
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: _strlen$_memmove$__wgetenv
                                • String ID: Expanded wildcards: before: "%s" after : "%s"$_JAVA_LAUNCHER_DEBUG
                                • API String ID: 1533977335-730970534
                                APIs
                                • J2dTraceImpl.AWT(00000001,00000001,OGLGC_DestroyOGLGraphicsConfig: info is null,?,6B8FD805,?,?,000000FF), ref: 6B91CBC2
                                  • Part of subcall function 6B90EA57: _J2dTraceInit@0.AWT(?,6B8B4EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B90EA63
                                  • Part of subcall function 6B90EA57: fprintf.MSVCR100 ref: 6B90EABA
                                  • Part of subcall function 6B90EA57: vfprintf.MSVCR100 ref: 6B90EACB
                                  • Part of subcall function 6B90EA57: fprintf.MSVCR100 ref: 6B90EAE5
                                  • Part of subcall function 6B90EA57: fflush.MSVCR100 ref: 6B90EAEF
                                • free.MSVCR100 ref: 6B91CBDA
                                Strings
                                • OGLGC_DestroyOGLGraphicsConfig: info is null, xrefs: 6B91CBB9
                                Memory Dump Source
                                • Source File: 00000005.00000002.2267521549.000000006B8B1000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B8B0000, based on PE: true
                                • Associated: 00000005.00000002.2267495654.000000006B8B0000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267626294.000000006B969000.00000002.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267685099.000000006B9A4000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267741690.000000006B9A6000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267784368.000000006B9A7000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267838865.000000006B9A8000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267863426.000000006B9A9000.00000008.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AA000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267889397.000000006B9AD000.00000004.00000001.01000000.00000017.sdmp
                                • Associated: 00000005.00000002.2267959620.000000006B9D0000.00000002.00000001.01000000.00000017.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_6b8b0000_javaw.jbxd
                                Similarity
                                • API ID: Tracefprintf$ImplInit@0fflushfreevfprintf
                                • String ID: OGLGC_DestroyOGLGraphicsConfig: info is null
                                • API String ID: 320543924-797612303
                                APIs
                                • __wgetenv.LIBCMT ref: 00023992
                                  • Part of subcall function 00023971: _vwprintf.LIBCMT ref: 00023983
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __wgetenv_vwprintf
                                • String ID: ----%s----$_JAVA_LAUNCHER_DEBUG
                                • API String ID: 3297135996-815448180
                                APIs
                                • MessageBoxA.USER32(00000000,A Java Exception has occurred.,Java Virtual Machine Launcher,00000010), ref: 00023D63
                                Strings
                                • Java Virtual Machine Launcher, xrefs: 00023D57
                                • A Java Exception has occurred., xrefs: 00023D5C
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: Message
                                • String ID: A Java Exception has occurred.$Java Virtual Machine Launcher
                                • API String ID: 2030045667-3647220046
                                APIs
                                • _malloc.LIBCMT ref: 00023908
                                  • Part of subcall function 0002A029: __FF_MSGBANNER.LIBCMT ref: 0002A042
                                  • Part of subcall function 0002A029: __NMSG_WRITE.LIBCMT ref: 0002A049
                                  • Part of subcall function 0002A029: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,0002FE09,?,00000001,?,?,0002CE37,00000018,00042708,0000000C,0002CEC7), ref: 0002A06E
                                • _perror.LIBCMT ref: 00023917
                                  • Part of subcall function 00029F9B: ___lock_fhandle.LIBCMT ref: 00029FAE
                                  • Part of subcall function 00029F9B: _strlen.LIBCMT ref: 00029FC5
                                  • Part of subcall function 00029F9B: __write_nolock.LIBCMT ref: 00029FCD
                                  • Part of subcall function 00029F9B: __write_nolock.LIBCMT ref: 00029FD9
                                  • Part of subcall function 00029F9B: __get_sys_err_msg.LIBCMT ref: 00029FE8
                                  • Part of subcall function 00029F9B: _strlen.LIBCMT ref: 00029FF0
                                  • Part of subcall function 00029F9B: __write_nolock.LIBCMT ref: 00029FF8
                                  • Part of subcall function 00029F9B: __write_nolock.LIBCMT ref: 0002A005
                                  • Part of subcall function 00028A0A: _doexit.LIBCMT ref: 00028A16
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __write_nolock$_strlen$AllocateHeap___lock_fhandle__get_sys_err_msg_doexit_malloc_perror
                                • String ID: malloc
                                • API String ID: 3076456297-2803490479
                                APIs
                                • __strdup.LIBCMT ref: 0002394F
                                • _perror.LIBCMT ref: 0002395E
                                  • Part of subcall function 00029F9B: ___lock_fhandle.LIBCMT ref: 00029FAE
                                  • Part of subcall function 00029F9B: _strlen.LIBCMT ref: 00029FC5
                                  • Part of subcall function 00029F9B: __write_nolock.LIBCMT ref: 00029FCD
                                  • Part of subcall function 00029F9B: __write_nolock.LIBCMT ref: 00029FD9
                                  • Part of subcall function 00029F9B: __get_sys_err_msg.LIBCMT ref: 00029FE8
                                  • Part of subcall function 00029F9B: _strlen.LIBCMT ref: 00029FF0
                                  • Part of subcall function 00029F9B: __write_nolock.LIBCMT ref: 00029FF8
                                  • Part of subcall function 00029F9B: __write_nolock.LIBCMT ref: 0002A005
                                  • Part of subcall function 00028A0A: _doexit.LIBCMT ref: 00028A16
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2247264162.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true
                                • Associated: 00000005.00000002.2247239146.0000000000020000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247295349.000000000003C000.00000002.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247321095.0000000000044000.00000004.00000001.01000000.0000000A.sdmp
                                • Associated: 00000005.00000002.2247345099.0000000000048000.00000002.00000001.01000000.0000000A.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_20000_javaw.jbxd
                                Similarity
                                • API ID: __write_nolock$_strlen$___lock_fhandle__get_sys_err_msg__strdup_doexit_perror
                                • String ID: strdup
                                • API String ID: 4113497227-3162730407